This Perl script exploits a SQL injection vulnerability in LiteForum 2.1.1 by brute-forcing user passwords character-by-character using ASCII values. It leverages a time-based blind SQLi technique to extract password hashes via the 'author' and 'pswrd' parameters in the login form.
Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target:LiteForum 2.1.1
No auth needed
Prerequisites:Target must be running LiteForum 2.1.1 · Knowledge of a valid user ID