php检测脚本,请教使用方法
发表于 : 2010-09-17 17:09
我在检测时遇到一个从未见过的exploit,地址是:
http://www.waraxe.us/ftopict-4058.html
根据我的查询 php代码前有#!/usr/bin/php -q 是需要在shell下运行的脚本
我保存了该代码为PHP文件cutenews.php,并在ubuntu终端中运行
$ php /home/xiong/cutenews.php
返回:
+----------------------------------------------------------------------------------+
| CuteNews <= 1.4.6 (ip ban) Remote Command Execution Exploit |
+----------------------------------------------------------------------------------+
by athos - staker[at]hotmail[dot]it / http://cutephp.com
Usage: php xpl.php [host] [path] [username] [password]
host + localhost
path + /cutenews
username + admin username
password + admin password
$
我根据他写的使用方法Usage: php xpl.php [host] [path] [username] [password] 输入相应东西,但是没反应
$ php xpl.php www.test.com /cutenews woshiadmin admindemima
但是没有反应,请问这个exploit应该怎么用
http://www.waraxe.us/ftopict-4058.html
根据我的查询 php代码前有#!/usr/bin/php -q 是需要在shell下运行的脚本
我保存了该代码为PHP文件cutenews.php,并在ubuntu终端中运行
$ php /home/xiong/cutenews.php
返回:
+----------------------------------------------------------------------------------+
| CuteNews <= 1.4.6 (ip ban) Remote Command Execution Exploit |
+----------------------------------------------------------------------------------+
by athos - staker[at]hotmail[dot]it / http://cutephp.com
Usage: php xpl.php [host] [path] [username] [password]
host + localhost
path + /cutenews
username + admin username
password + admin password
$
我根据他写的使用方法Usage: php xpl.php [host] [path] [username] [password] 输入相应东西,但是没反应
$ php xpl.php www.test.com /cutenews woshiadmin admindemima
但是没有反应,请问这个exploit应该怎么用