XyliBox с очередной лже уязвимостью spy eye 1.3.XX

[kolobok]

Finally done, a php page for download SpyEye binaries from the database and add an user if needed.
all you have to do is to fill the good maincp db infos.

<?php 
// Xyl2k :þ 
// Thanks to EsSandre for the additional help. 

    $MySQLI = array(); 
    
    /* MySQLI ID */ 
    
    $MySQLI['HOST'] = 'localhost'; 
    $MySQLI['USER'] = 'root'; 
    $MySQLI['PASS'] = 'toor'; 
    $MySQLI['DB'] = 'maincp'; 
    
    function str_error($error) 
    { 
        print '<p style="color:red;">'.htmlentities($error).'</p>'; 
    } 
    
    function download_binary($path_file, $buf) 
    { 
        header("Pragma: public"); 
        header("Expires: 0"); 
        header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); 
        header("Cache-Control: private", false); 
        header("Content-Type: application/octet-stream"); 
        header("Content-Disposition: attachment; filename=\"".basename($path_file)."\";" ); 

        header("Content-Transfer-Encoding: binary"); 
        header("Content-Length: ".strlen($buf)); 
        
        echo $buf; 
    } 
    
    $mysqli = new mysqli($MySQLI['HOST'], $MySQLI['USER'], $MySQLI['PASS'], $MySQLI['DB']); 
  
   if (isset($_POST['register_submit'])) 
    { 
        unset($_GET['id']); 
        if (isset($_POST['user']) && !is_array($_POST['user']) && !empty($_POST['user'])) 
        { 
            if (isset($_POST['password']) && !is_array($_POST['password']) && !empty($_POST['password'])) 
            { 
                if (trim($_POST['user']) == '' || trim($_POST['password']) == '') 
                    str_error('An error has occurred'); 
                else 
                { 
                    $user = mysql_real_escape_string($_POST['user']); 
                    $password = md5($_POST['password']); 
                    $mysqli->query("REPLACE INTO users_t VALUES('', '".$user."', '".$password."', '', '')"); 
                    echo '<p style="color:green;">User added successfully</p>'; 
                } 
            } 
            else 
                str_error('An error has occurred'); 
        } 
        else 
            str_error('An error has occurred'); 
    } 
  
    if (mysqli_connect_errno()) 
        die(str_error('MySQLI Connect : '.mysqli_connect_error())); 
    
    if (isset($_GET['id']) && !empty($_GET['id']) && !is_array($_GET['id'])) 
    { 
        if (is_numeric($_GET['id']) && $_GET['id'] > 0) 
        { 
            $id = $_GET['id']; 
            $sql = $mysqli->query('SELECT fName, fCont FROM files_t WHERE fId=\''.$id.'\''); 
            if ($sql->num_rows) 
            { 
                $_sql = $sql->fetch_array(MYSQLI_ASSOC); 
                download_binary($_sql['fName'], $_sql['fCont']); 
            } 
            else 
                str_error('Invalid file'); 
        } 
        else 
            str_error('Invalid file'); 
    } 
    else 
    { 
        echo '<h3>Add an Admin Account</h3><br /> 
            <form action="'.basename($_SERVER['PHP_SELF']).'" method="POST"> 
            <label for="user">Username</label><br /><input name="user" type="text"/><br /><br /> 
            <label for="user">Password</label><br /><input name="password" type="password"/><br /><br /> 
            <input name="register_submit" value="Register" type="submit"/> 
            </form>'; 
      
        $sql = $mysqli->query('SELECT fId, fName, fCont FROM files_t'); 
        if (!$sql) 
            die(str_error('MySQLI :: Query error : '.$mysqli->error)); 
        
        echo "\n<h3>List of available file in database</h3><br />\n"; 
        
        while($row = $sql->fetch_array(MYSQLI_ASSOC)) 
        { 
            echo "<a href=\"".basename($_SERVER['PHP_SELF'])."?id=".$row['fId']."\">".htmlentities($row['fName'])."</a><br /><br />\n"; 
        } 
    } 
    mysqli_close($mysqli); 
?>

xylibox.blogspot.com/2011/09/spyeye-v13x-mainpanel-download.html


Остается только залить этот скрипт на хост, и узнать пасс от БД

 

[Apocalypse]

Вообще-то это скрипт для добавления юзера в админку и скачки бинарей.