Apache vulnerability exploitation process

Source: Internet
Author: User
Author: Cherry Blossom prodigal son [I .s. T] Intruders Technical Forum 5 m 'c5m5n55g' i6c-B-A * z
Source:
Http://www.hacklu.netHacker technology, intrusion technology, hacker technology exchange) M # D: O (v8t * Y) F: O
Note: Please note the copyright for reprinting. This article is copyrighted by 1st and Sakura prodigal son .!
2u (D7} 3 {"R -? Hacker technology, intrusion technology, hacker technology exchange www.intruder.com.cn, Q ('8i1k0d! W'm-_ 4b! {
Here, we only study the intrusion technology of computer hackers! 9Q W3 {5 H "m
I tested the vulnerability announcement from the Red Wolf, and the success rate was quite high. : @ "H1z5j % j1b, O

, L b0l, y s only studies computer hacker intrusion technologies here! Description: any file name starting with. php, Apache are used as PHP File Parsing www.intruder.com. cn1l, I: V * q $ P-E! X /_
Here, we only study the intrusion technology of computer hackers! $ N8p7c7t8i0p2z
For example, ". php. Comment" will be parsed as a PHP file, resulting in a series of vulnerabilities. (] 'n')} 'r0h :@

# Z: Y 'K/c9fwww.intruder.com. cnmg is a popular PHP + HTML image management program in foreign countries. Due to the cracking of the commercial version, the program has been widely spread,
/Q + k5e0? 4f +? Search for the keyword "owered by Mg 2 v0.5.1" hacker technology, intrusion technology, hacker technology exchange + O (J. U) D-D "F
The latest version has the file Write vulnerability, which can be configured with the Apache vulnerability directly by using shell.
3 T. C. R/C) K! W & G % B! Z only studies the intrusion technology of computer hackers! : V; H (f5b, T8 @ * g4h * I
The addcomment () function in des/mg2_functions.php is as follows: www.intruder.com.cn-z5b; A (R % d "X" W'] * [3O) x 'G

#~ 2g3a-g3m; s7e intruder Technology Forum code: Here we only study computer hacker intrusion technology! 3X * L3 {4o0q: c2C-C9g + x9 [

3] 1j; J: ['a4h5z! G hacker technology | intrusion technology | penetration technology function addcomment () {intruder Technology Forum $ w7y! T; x2g/d3k + H
$ _ Request ['filename'] = $ this-> charfix ($ _ request ['filename']);
* Z/q) x2j #@. t2} $ request $ _ request ['input'] = $ this-> charfix ($ _ request ['input']); here we only study the intrusion technology of computer hackers! ]; N2w * _ 6g, O
$ _ Request ['email '] = $ this-> charfix ($ _ request ['email']);
9 @ 3 \ 5 _ * j: X & F "@ intruder technical forum $ _ request ['name'] = $ this-> charfix ($ _ request ['name']);
; E ([(E & o9v/X & N $ _ request ['input'] = strip_tags ($ _ request ['input'], "<B> </B> <I> </I> <u> </u> <strong> </strong> <em> </em> "); hacker technology | intrusion technology | penetration technology; L $ T | % I $ U "m3 '.? 0n
$ _ Request ['input'] = str_replace ("\ n", "<br/>", $ _ request ['input']);
/R$} & T %} + K. N hacker technology, intrusion technology, hacker technology exchange $ _ request ['input'] = str_replace ("\ r", "", $ _ request ['input']);
;} + Z (K, F, n here only studies computer hacker intrusion technology! If ($ _ request ['input']! = "" & $ _ Request ['name']! = "" & $ _ Request ['email ']! = "") {Hacker technology, intrusion technology, hacker technology exchange-C & u9v (N * z
$ This-> readcomments ("pictures/". $ _ request ['filename']. ". Comment"); only the intrusion technology of computer hackers is studied here! 0 [5d; w a % N. P3 \ 'q
$ Comment_exists = $ this-> select ($ _ request ['input'], $ this-> comments, 3, 1, 0); intruder Technical Forum/g6d1e4 [. a9j6g8l & R @
$ Comment_exists = $ this-> select ($ _ request ['name'], $ comment_exists, 0); here we only study computer hacker intrusion technology! 1j! Y: Z1 {; W + {5i2w
$ Comment_exists = $ this-> select ($ _ request ['email '], $ comment_exists, 2, 1, 0 );
$ V0h "| fig (A 'l * n4c2 \ www.intruder.com.cn if (count ($ comment_exists) = 0 ){
, K1] (w-I6v * r: O, zwww.intruder.com.cn $ this-> comments [] = array (Time (), $ _ request ['name'], $ _ request ['email '], $ _ request ['input']); only the intrusion technology of computer hackers is studied here! # Y8 '5z0x. @ # l4h + x
$ This-> writecomments ($ _ request ['filename']. ". Comment ");
/Q0i % q) m; W "r5d.......www.intruder.com.cn & S l2m,] 6O/k5f

; V-I $ v % R8 ^) L + v1m8r here only studies computer hacker intrusion technology! [Copy to clipboard]
* F) C + B 'r9n1p4p intruders Technical Forum, v5x/S % w1x4s $ v

5 ~ (I5G + u * n hacker technology | intrusion technology | penetration technology vulnerabilities are obvious. You can customize the comment file name if your custom filename is ". PHP ", then the program will be in hacking technology | intrusion technology | penetration technology; s9j4w (I/y5h4o + q" V']
The image root directory generates a ". php. Comment" file. Due to Apache vulnerabilities, this program is parsed as a PHP file, and webshell is ready.
'': B0O-n #}) N: r3z! V hacker technology, intrusion technology, hacker technology exchange
3X $ ~ 2 T, i6_2 [$ R) r y here only studies computer hacker intrusion technology! Exploitation process: go to Google to find a website with a vulnerability. The keyword "powered by Mg" is used to put the website to the exploitation tool written by Tong, as shown in Figure 1www.intruder.com.cn/?&w=a2f=g2d.
Intrusion technology, hacker technology exchange 6u9? & V5d ~

# H "w2t * w-w + {hacker technology | intrusion technology | penetration technologyClick Upload shell first, and wait for the webpage to return and then access shell. If the page shown in Figure 2 appears, the upload is successful. 3u "d0m; O * v4c4m
Www.intruder.com.cn p3a7? $ M + _

'N' (W/} 4 W; F $ T: E hacker Technology Forum hacker technology, intrusion technology, hacker technology exchange + T: ''R & F) t4i
Click a dedicated link to download the connection page. Figure 3. Write the webpage in the program and Click Upload. If the page shown in Figure 4 is successful, set TT. PHP. comment
Communication 3j $ E (| )@! S
The name of your Trojan is successful, and I am not familiar with the Lin system, so it is difficult to raise the right. I just hung a black page, and it seems that there is no black page in a year, haha. Figure 5. The tool is packaged for everyone. Intruders Technical Forum-A + z "W/! S' {4 V

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.