[推荐]如何通过web安全添加系统用户adduserfromdb.pl
#!/usr/bin/perl
use DBI;
$dbuser = "xxxx";
$dbpasswd = "xxx";
$db = "xxxx";
$dbh = DBI->connect("DBI:mysql:$db",$dbuser,$dbpasswd);
$query = "select user,passwd from usertable where addornot=0";
$sth = $dbh->prepare($query);
$rv = $sth->execute or die "Can't execute the query:$sth->errstr\n";
while(@row = $sth->fetchrow_array) {
#print "user=".$row[0]."\n";
#print "password=".$row[1]."\n";
@saltchars = (a .. z, A .. Z, 0 .. 9);
srand(time||$$);
$salt = $saltchars[rand($#saltchars)] . $saltchars[rand($#saltchars)];
#print "$salt\t$row[1]\n";
$encrypt_passwd = crypt($row[1],$salt);
#print $encrypt_passwd."\n";
$add_exec = "/usr/sbin/useradd -p ".$encrypt_passwd." ".$row[0];
#对useradd增加参数,可以控制用户的组别、目录、登陆与否、shell等等
#print $add_exec."\n";
system($add_exec);
}
#1;
用户信息表
usertable:
CREATE TABLE usertoadd (
user tinytext NOT NULL,
passwd tinytext NOT NULL,
addornot tinyint(4) DEFAULT '0' NOT NULL
);
| [0day]PHPWind 5.x Exploits GUI | 04-07 | |
| dxbbs漏洞(通杀7.3以前所有版本) | 04-06 | |
| 记对一足球推荐站点的渗透 | 04-06 | |
| 注射DB_ONER权限并且主机与数据库 | 04-06 | |
| bbsxp sql最新版再爆0day? | 04-02 | |
| BBS的通杀跨站方法 | 04-02 | |
| CCTV的XSS跨站 | 03-28 | |
| 全面解析百度XSS跨站漏洞 | 03-26 | |
| Wordpress 2.1.2 以及之前版本物 | 03-26 | |
| 动易最新入侵方法 | 03-15 | |
| PJBlog漏洞利用 | 03-14 | |
| DVBBS <= 7.1.0 sp1 博客 远程注 | 03-14 | |
您现在的位置: