Re: [PHP] GET Command

Tue, 17 Jul 2001 11:15:20 -0700 

MessageHi,
Here's what I'm trying to do:

I want to test an IIS server for an invulnerability. This is done by sending
a GET command to test for it.
Here's a blurb from the security advisory that I am working with:

---snip---
A scan is performed over some region of the Internet, searching for web
servers accepting TCP connections on port 80. A specially formed "HTTP GET"
request is then sent over the accepted connection to the server:
GET /scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\
---snip---

How can I do a simple page where, the user inputs the url (www.whatever.com)
And it runs this test, telling the user if it passes or fails, and returns
the output?

Btw, the security advisory comes from http://grc.com/dos/grcdos.htm which
outlines some very interesting things happening with IRC based DoS attacks,
in case your interested.


Thanks!


Clayton Dukes
CCNA, CCDA, CCDP, CCNP
(c) 904.477.7825
(h) 904.292.1881
Download Free Essays, Term Papers and Cisco Training from http://www.gdd.net


----- Original Message -----
From: Matthew Loff
To: 'Clayton Dukes' ; [EMAIL PROTECTED]
Sent: Tuesday, July 17, 2001 2:11 PM
Subject: RE: [PHP] GEt Command



$site = fopen(http://www.whatever.com/, "r");
$contents = fread($site, 102400);
fclose($site);

-----Original Message-----
From: Clayton Dukes [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 17, 2001 2:08 PM
To: [EMAIL PROTECTED]
Subject: [PHP] GEt Command


Does anyone have a simple script that will GET a web page and return the
reply?

Something like this:

function getpage($host, $path, getstr) {
$getstr="whatever\r\n";
$host=www.whatever.com;

    $hdr=sprintf("GET $getstr", $path);
    $hdr .="Content-type: application/x-www-form-urlencoded\r\n";
    $hdr .="Accept: text/html\r\nAccept: text/plain\r\n";
    $hdr .="User-Agent: Mozilla/1.0\r\n\r\n";

    $fp = fsockopen($host , 80, &$errno, &$errstr, 45);
    if (!$fp) {
        echo "$host open error: $errstr $errno .\n";
        return(0);
    } else {
        fputs($fp,$hdr.$poststr);
        return($fp);
    }
}

while (!feof($fp)) {
    $buff=fgets($fp, 1024);
    //dofoo($buff);
    echo "$buff";
}
fclose($fp);


TIA!

Clayton Dukes
CCNA, CCDA, CCDP, CCNP
(c) 904.477.7825
(h) 904.292.1881
Download Free Essays, Term Papers and Cisco Training from http://www.gdd.net


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to