远程包含漏洞挖掘脚本
2007-06-18 09:12
369 查看
<?php
set_time_limit(0);
function tree($directory)
{
$mydir=dir($directory);
while($file=$mydir->read()){
if((is_dir("$directory/$file")) && ($file!=".") && ($file!=".."))
{
tree("$directory/$file");
}
else{
if($file != "." && $file != ".."&&eregi(".php",$file)){
$fd=realpath($directory."/".$file);
$fop = fopen($fd, "r");
$i=0;
while ($buffer = fgets($fop, 4096)) {
$i++;
if((eregi("include",$buffer)||eregi("require",$buffer))&&strpos($buffer,"$")){
countall();
echo "<li><font color=\"#ff00cc\">file path:".$fd."</font></li>"." <td><a href=\"?downfile=".$fd."\">Down&&Open</a> "."<br> the file line<font color=\"#0000FF\">".$i."</font> ::======>". $buffer."<hr>";
}
}
fclose($fop);
}
}
}
$mydir->close();
}
function countall()
{
static $count = 1;
echo "the files number ".$count." :) ";
$count++;
}
if($_GET['act']=="findMM"){
$fuck=$_GET['GUID'];
tree($fuck);
}
if ($_GET['downfile']) {
$downfile=$_GET['downfile'];
if (!@is_file($downfile)) {
echo "<script>alert(\"the file is out\")</script>";
}
$filename = basename($downfile);//
$filename_info = explode('.', $filename);//
$fileext = $filename_info[count($filename_info)-1];
header('Content-type: application/x-'.$fileext);
header('Content-Disposition: attachment; filename='.$filename);
header('Content-Description: PHP3 Generated Data');
readfile($downfile);
exit;
}
?>
<br>
<form action="<? echo $PHP_SELF?>" method="GET">
<table width="600" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td width="400" height="22">please wirte path(like: /usr/www/):</td>
<td><input name="GUID" type="text" id="GUID" value="E:\MyPhp\APMServ5.1.2\www\htdocs\ecshop"size="40" /></td>
</tr>
<input type="hidden" name="act" value="findMM" />
<tr>
<td height="22"> </td>
<td><input type="submit" name="Submit" value=" POST fuck " /></td>
</tr>
<tr>
<td height="22"> </td>
<td> </td>
</tr>
</table>
</form>
<center><li><font color="#ff00cc"><b>copy write by %5C E_Mail: isno_sec@163.com[url=mailto:QQ239273079@[/b]
set_time_limit(0);
function tree($directory)
{
$mydir=dir($directory);
while($file=$mydir->read()){
if((is_dir("$directory/$file")) && ($file!=".") && ($file!=".."))
{
tree("$directory/$file");
}
else{
if($file != "." && $file != ".."&&eregi(".php",$file)){
$fd=realpath($directory."/".$file);
$fop = fopen($fd, "r");
$i=0;
while ($buffer = fgets($fop, 4096)) {
$i++;
if((eregi("include",$buffer)||eregi("require",$buffer))&&strpos($buffer,"$")){
countall();
echo "<li><font color=\"#ff00cc\">file path:".$fd."</font></li>"." <td><a href=\"?downfile=".$fd."\">Down&&Open</a> "."<br> the file line<font color=\"#0000FF\">".$i."</font> ::======>". $buffer."<hr>";
}
}
fclose($fop);
}
}
}
$mydir->close();
}
function countall()
{
static $count = 1;
echo "the files number ".$count." :) ";
$count++;
}
if($_GET['act']=="findMM"){
$fuck=$_GET['GUID'];
tree($fuck);
}
if ($_GET['downfile']) {
$downfile=$_GET['downfile'];
if (!@is_file($downfile)) {
echo "<script>alert(\"the file is out\")</script>";
}
$filename = basename($downfile);//
$filename_info = explode('.', $filename);//
$fileext = $filename_info[count($filename_info)-1];
header('Content-type: application/x-'.$fileext);
header('Content-Disposition: attachment; filename='.$filename);
header('Content-Description: PHP3 Generated Data');
readfile($downfile);
exit;
}
?>
<br>
<form action="<? echo $PHP_SELF?>" method="GET">
<table width="600" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td width="400" height="22">please wirte path(like: /usr/www/):</td>
<td><input name="GUID" type="text" id="GUID" value="E:\MyPhp\APMServ5.1.2\www\htdocs\ecshop"size="40" /></td>
</tr>
<input type="hidden" name="act" value="findMM" />
<tr>
<td height="22"> </td>
<td><input type="submit" name="Submit" value=" POST fuck " /></td>
</tr>
<tr>
<td height="22"> </td>
<td> </td>
</tr>
</table>
</form>
<center><li><font color="#ff00cc"><b>copy write by %5C E_Mail: isno_sec@163.com[url=mailto:QQ239273079@[/b]
相关文章推荐
- PHP漏洞挖掘之旅——远程文件包含漏洞
- PHP 网络开发详解之远程文件包含漏洞
- Java Servlet 包含有交叉站点的脚本漏洞
- 远程文件包含漏洞的利用
- 【安全牛学习笔记】手动漏洞挖掘-SQL注入XSS-简介、跨站脚本检测和常见的攻击利用手段
- shell技巧--ssh远程执行包含nohup命令的脚本
- 远程包含和本地包含漏洞的原理
- rgboard 3.0.12 远程文件包含漏洞
- Java Servlet 包含有交叉站点的脚本漏洞
- 是什么造成PHP远程文件包含漏洞产生
- dvwa文件包含漏洞和远程文件利用漏洞
- 远程包含和本地包含漏洞的原理
- 远程文件包含漏洞的利用
- 远程包含和本地包含漏洞的原理
- ElasticSearch Groovy脚本远程代码执行漏洞
- “脚本编辑器”远程文件编辑漏洞
- 织梦(DEDE)CMS V5.3 覆盖任意变量导致远程包含漏洞
- Phpcms 2007 远程文件包含漏洞
- Phpcms 2007 远程文件包含漏洞
- PHP 网络开发详解之远程文件包含漏洞