鬼仔's Blog

#!/usr/bin/php
<?php
# ————————————————————
# quick’n’dirty wordpress admin-take0ver poc
# by iso^kpsbr in august 2oo8
#
# works w/ wordpress 2.6.1
#
# .oO( private — do not spread! )Oo.
#
# you’ll have to make sure you run roughly the same
# php version as on the server, that is: if server
# is >=5.2.1 you’ll need to be as well, in case
# server is <5.2.1, your php also needs to be below.
# to make sure it works you’ll need the exact same version!
# also, mod_php works better than (f)cgi..
# (this is a first working version – not a very reliable one)
阅读全文 »

作者：axis

Stefan Esser今天写了篇很棒的文章，提到了关于MySQL里的两个缺陷

http://www.suspekt.org/2008/08/18/mysql-and-sql-column-truncation-vulnerabilities

1. max_packet_size 的问题

2. SQL Column Truncation 攻击

我测试了第二个。
阅读全文 »

用wordpress的要注意了，不过拿我这里测试就没效果了，我从一开始就是关闭用户注册的。

# WordPress 2.6.1 SQL Column Truncation Vulnerability (PoC)
#
# found by irk4z[at]yahoo.pl
# homepage: http://irk4z.wordpress.com/
#
# this is not critical vuln [;
#
# first, read this discovery:
# http://www.suspekt.org/2008/08/18/mysql-and-sql-column-truncation-vulnerabilities/
#
# in this hack we can remote change admin password, if registration enabled
#
# greets: Stefan Esser, Lukasz Pilorz, cOndemned, tbh, sid.psycho, str0ke and all fiends
阅读全文 »