网络安全 > Exploit >
终端技巧 终端机常见绕过沙盘方法
昨晚跟@Sunshine 请教了下终端机的玩法,顺便翻了翻资料。总结了以下的几种方法File Store PRO 3.2 Multiple Blind SQL Injection Vulnerabilities
| File Store PRO 3.2 Blind SQL Injection | |________________________________________| Download from: http://upoint.info/cgi/demo/fs/filestore.zip - Need admin rights: /confirm.php: [code] if(isset($_GET["folder&Wysi Wiki Wyg 1.0 (index.php c) Local File Inclusion Vulnerability
--== ========================================================= ==-- --== Wizi Wiki Wig Local File Inclusion Vulnerability ==-- --== ========================================================= ==-- [*] Discovered By: StAkeR ~ StAkeR@Facebook Newsroom CMS 0.5.0 Beta 1 Remote File Inclusion Vulnerability
##################################################################### # # Facebook Newsroom Application Remote File Inclusion Vulnerability # ##################################################################### # # Discovered by :DreamNews Manager (id) Remote SQL Injection Vulnerability
######################################################### # # dreamnews ( rss) Remote SQL Injection Vulnerability #======================================================== # Author: Hussin X = #phpDatingClub (website.php page) Local File Inclusion Vulnerability
######################################################### # # phpDatingClub Local File Include Vulnerability #======================================================== # = # Author: Big Bengapicms 9.0.2 (dirDepth) Remote File Inclusion Vulnerability
###################################################################################################### gapicms v9.0.2 (dirDepth) Remote File Inclusion Vulnerability ###############################################################################Cisco WebEx Meeting Manager (atucfobj.dll) ActiveX Remote BOF Exploit
<html> <body> <object classid=clsid:32E26FD9-F435-4A20-A561-35D4B987CFDC id=target /> </object> <script language=javascript> // k`sOSe 08/08/2008 // tested in IE6, XP SP1 var shellcode = unescape("Quicksilver Forums 1.4.1 forums[] Remote SQL Injection Exploit
<?php /* . vuln.: Quicksilver Forums 1.4.1 (forums[]) Remote SQL Injection Exploit . download: http://www.quicksilverforums.com/ . . author: irk4z[at]yahoo.pl . homepage: http://irk4z.wordpress.com/ . . greets: all friends ;) .IntelliTamper 2.07/2.08 Beta 4 A HREF Remote Buffer Overflow Exploit
/********************************************************************/ /* [Crpt] IntelliTamper v2.07/2.08 Beta 4 sploit by kralor [Crpt] */ /********************************************************************/ /*IntelliTamper 2.07 HTTP Header Remote Code Execution Exploit
/** ** ** IntelliTamper 2.07 Location: HTTP Header Remote Code Execution exploit. ** ** Based on exploit by Koshi (written in Perl). This one should be more ** stable. Just for fun and to learn more about win32 exploitation. ** ** by WoMicrosoft Visual Studio (Msmask32.ocx) ActiveX Remote BOF PoC
var body='<OBJECT CLASSID="CLSID:C932BA85-4374-101B-A56C-00AA003668DC" width="10"><PARAM NAME="Mask" VALUE="'; var body1='"></OBJECT>'; var buf=''; #!/usr/bin/python # FlashGet 1.9 (FTP PWD Response) 0day Remote Buffer Overflow PoC Exploit # Bug discovered by Krystian Kloskowski (h07) <h07@interia.pl> # Testen on: FlashGet 1.9 / XP SP2 Polish # Product URL: http://www.flashget.com/MojoJobs (mojoJobs.cgi mojo) Blind SQL Injection Exploit
#!/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if(!$ARGV[1]) { print " n"; print " #################### Viva IslaMe Viva IslaMe #############MojoPersonals (mojoClassified.cgi mojo) Blind SQL Injection Exploit
#!/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if(!$ARGV[1]) { print " n"; print " #################### Viva IslaMe Viva IslaMe #############