Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #made by the real rusty shackleford!
- #automatic login on <inet-gateway>:8000/index.php
- #tested the exploit on a webserver runnin' lighttpd v1.4.32 webserver
- #when exploiting this vulnerability, an attacker could manipulate user logins (i.e. through ARP spoofing) and obtain user credentials.
- import requests, sys
- try:
- user = str(sys.argv[1])
- password = str(sys.argv[2])
- except:
- print("Usage: %s <user> <password" %str(sys.argv[0])
- exit()
- print("Performing HTTP GET...")
- rget = requests.get("http://172.26.167.254:8000/index.php")
- print("Performing HTTP POST...")
- post_pass = requests.post("http://172.26.167.254:8000/", data={'auth_user': user, 'auth_pass': passwd, "auth_voucher": "", "redirurl": "/", "accept": "Verzenden"})
- if("Server: lighttpd/1.4.32" in post_pass.content.decode()): #header server sends us when auth is succesfull
- print("Authentication failed.")
- else:
- print("Authenticated :)")
Add Comment
Please, Sign In to add comment